21/01 - IMPORTANT: TOKEN contract change
Important changes have been made to TOKEN. Please read for further information.
Last updated
Important changes have been made to TOKEN. Please read for further information.
Last updated
The official TOKEN contract address has changed:
During the TOKEN launch on the 14th, a single party exploited the mechanics of the launch and acquired an overwhelming stake in the token, extracting huge value at the expense of all others.
Today, on the 21st, the token.com team took the decisive action to deploy a new token contract, migrate liquidity and redistribute the exploiters tokens to all existing token holders to compensate for the attack. This effectively increases all TOKEN holder balances by ~68%.
From here on out, TOKEN can grow unencumbered on the new contract address.
This was a painfully complex situation to manage and we thank the community for their patience and support as we dealt with this issue.
At around 2pm on January 14th, TOKEN went live on Base/Uniswap. With lots of purchases from community, friends and family, the market cap quickly soared and touched $20 million.
Unbeknownst to us, a sophisticated bot had initiated a novel strategy to perform a DDOS attack on the Uniswap pool. They managed to confirm their transaction on block 0, exploiting the pool dynamics and buying up approximately 50% of available tokens.
This automated bot then started dumping over half of their tokens moments later into incoming community purchases, quickly bringing the market cap back down. They presently still hold over 31.3% of the total circulating supply of TOKEN to this day, and continue to extract more value from the community. Due to their extensive history of exploiting projects, we would like to clarify that this was a sophisticated external actor and not a token.com team member.
After analyzing this account, we identified they also hold millions of dollars of funds grifted from newly launched projects – effectively dooming many of these projects right out the gate. To be clear, their actions go against what the token.com community is trying to build.
In war, the only way to defend oneself is to attack, and to attack strongly and decisively."
— Napoleon Bonaparte
The token.com team recognized this as a hostile act against the project's community and integrity.
A "hard reset" was deemed necessary. The token.com team:
Removed liquidity from the original Uniswap pool.
Took a snapshot of user balances, created a new token contract, and migrated these balances.
In the new contract we effectively nullified the attacker's 17 addresses while redistributing their tokens, increasing community holdings by ~68%
After checking everything deployed correctly, we finally deployed liquidity to the new pool.
All the above was executed in a single transaction which took a few days to strategise and build. Secrecy was paramount; all actions were taken covertly to avoid alerting the attacker.
We realised that the attacker was able to perform his original attack due to us being so open and transparent about launch time and dynamics. We assumed they were monitoring all channels and chains, therefore we could not risk information of a counter attack leaking.
While "code is law" might apply in some situations, leaving the attacker in control would have jeopardized the project’s integrity and future.
Allowing this exploitation to persist would mean:
The attacker continues to profit from the team’s hard work and the community’s investment.
token.com’s growth and vision being stifled by malicious intent.
The price will stagnate and deter any new investors for the project.
Instead, we acted decisively to protect the community, restore fairness, and ensure the long-term success of TOKEN.
What was supposed to be a week of jubilation, turned into a week of dire troubleshooting.
TOKEN holders:
No action is needed. Your original TOKEN holdings, plus an additional ~68% allocation, have been distributed directly to your wallet on the new token contract. Depending on your wallet, you may need to import the new token.
If you are an Liquidity Provider:
The new token snapshot included all LP holders within the token.com community. Please withdraw immediately and migrate your positions to the new token as soon as possible to avoid unnecessary loss. We appreciate your support; your TOKEN balances have also increased by ~68%.
Thank you to all TOKEN holders who stood by us. Your resilience and trust mean everything. To those with dissenting or weak voices, we understand this decision may not satisfy everyone. If you do not share in our overall vision, we respect your choice to move on.
TOKEN is now unshackled from this malicious actor, and we remain steadfast in our mission to make TOKEN a thriving and innovative part of the crypto ecosystem.
Well played. Teams like us spend years working to build ground breaking products like token.com. Our community, family and friends invested their hard earned money into buying our token. We are extremely dedicated at all costs to build greatness. Shame on you.
A heartfelt thank-you to our team, who worked tirelessly through nights and weekends to analyze, engineer, and execute this counter-attack. TOKEN is stronger today because of your commitment.
With this decisive action, TOKEN can now fulfill its potential—secure, fair, and ready to grow.
We wanted to keep the launch of TOKEN fair, meaning we have no VC investment or presale allocations to vest.
No, token.com cannot create or mint anymore TOKEN. The total supply of TOKEN is programmed and set by the smart contract at one billion.
Yes, the contract ownership has been renounced.
You can use our official X channel and Telegram for further support.
The token.com team is actively looking into locking the liquidity for TOKEN.
New TOKEN Contract address: 0xD758916365B361Cf833BB9c4c465ECd501dDd984
New TOKEN Uniswap link: https://app.uniswap.org/explore/tokens/base/0xD758916365B361Cf833BB9c4c465ECd501dDd984
DexScreener link: https://dexscreener.com/base/0xd758916365b361cf833bb9c4c465ecd501ddd984
Please note that the old TOKEN contract address (0x49AD42aac28A982FB5FF6A4172Ba73f0cCdF73C9) is now deprecated. Please refrain from trading and transferring the old token.
