PANews reported on March 18 that according to SlowMist monitoring, the attacker purchased a small amount of tokens through the Four.meme function (0x7f79f6df) and used this function to send tokens to the PancakeSwap trading pair address that had not yet been created. This move allowed the attacker to create trading pairs and add liquidity, bypassing the transfer restrictions of the Four.meme Token released in April, and ultimately adding liquidity at an inappropriate price, stealing the liquidity in the pool.