News

Floki Responds to $BADAI LP Exploit: What Happened and What’s Next

chain

The attacker, hired via Toptal, manipulated internal processes to unlock and remove a portion of BadAI’s liquidity pool. The exploit did not stem from flaws in the BADAI protocol itself.

Soumen Datta

April 15, 2025

On April 7, 2025, Floki identified suspicious activity linked to the BadAI LP vault. The initial signs pointed to a serious breach involving a part of the liquidity pool connected to the recent $BADAI airdrop. 

While community concern surged, Floki clarified that the issue did not originate from BadAI's protocol or smart contracts. Instead, the cause was traced back to a Floki team member with privileged access.

Now, in a recent official update, Floki confirmed that the exploit was executed by a rogue developer who had been working with the team for over two years. This individual leveraged backdoor access to manipulate liquidity pool (LP) locks and siphon off a portion of the BadAI LP.

The Role of a Trusted Hiring Platform in the Exploit

The developer in question was sourced through Toptal, a prominent talent platform that boasts an estimated $1.3 billion in annual revenue. Toptal markets itself as a premium network of vetted developers and requires clients to manage contracts within its ecosystem. Despite these safeguards, this particular developer was able to bypass Floki’s internal processes.

According to Floki, the rogue actor pushed an unauthorized update to the FlokiFi Locker, a DeFi tool for token and LP locking. The update allowed the deployer wallet to retract LP tokens from upgradeable vaults. Using this exploit, the developer extracted funds from the BadAI LP.

This wasn’t a smart contract vulnerability. The smart contracts performed as coded. The problem stemmed from a trusted actor misusing their privileged access—something harder to anticipate and prevent.

Action from the Floki Team

Upon identifying the breach, Floki wasted no time. They revoked access from the compromised deployer address and froze all new vault locks on the affected chain. Additionally, Floki initiated a comprehensive review of the platform’s internal control mechanisms to avoid similar issues in the future.

Further, Floki announced that it would reimburse BadAI in full. This includes the total value of the LP affected at the time of the exploit and an additional compensation package as a goodwill gesture.

Legal Steps Underway

The Floki team has launched a two-pronged legal strategy. Their lawyers are actively engaging with Toptal, holding the platform accountable due to its involvement in managing the developer's contract. At the same time, the team is coordinating with local law enforcement to investigate and potentially prosecute the rogue developer responsible.

 

“We have instructed our lawyers to immediately engage with the Toptal team since the dev was hired and managed through their platform,” Floki stated. “Our lawyers are also initiating engagement with local law enforcement in an effort to bring this rogue dev to book for his actions.”

BadAI Breaks Silence

After days of silence, the BadAI team issued a public statement acknowledging Floki’s findings and confirming the exploit's origin. They expressed appreciation for Floki’s transparent handling of the matter and the steps taken to mitigate damages.

“We’re grateful to our community for standing by us,” BadAI stated, recognizing the support from users even during the project’s most challenging phase. They further assured the public of their ongoing work and hinted at upcoming developments to move the project forward.

Despite the setback, the tone from BadAI pledged to continue building and promised future updates.

The $BADAI Airdrop

The exploit came a few months after Floki promoted a $BADAI airdrop to FLOKI token holders across BNB and Ethereum chains. To qualify, users only needed to hold at least one FLOKI token. The size of the airdrop was proportional to the amount of FLOKI held—larger holdings meant larger airdrop allocations.

In total, 40 million $BADAI tokens were allocated for Floki Trading Bot users and an additional 40 million tokens for TokenFi ($TOKEN) holders, both of which have significant on-chain communities.

Floki BADAI airdrop announcement
Floki BADAI airdrop announcement

The airdrop was intended to boost visibility for the $BADAI token, which was launching exclusively on the BNB Chain. FLOKI users on both BNB and Ethereum networks would receive their $BADAI allocations on BNB, regardless of where they held their original FLOKI tokens.

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCN. The information provided in this article is for educational and entertainment purposes only and should not be construed as investment advice, or advice of any kind. BSCN assumes no responsibility for any investment decisions made based on the information provided in this article. If you believe that the article should be amended, please reach out to the BSCN team by emailing [email protected].

Author

Soumen Datta

Soumen is an experienced writer in cryptocurrencies, DeFi, NFTs, and GameFi. He has been analyzing the space for the last several years and believes there is a lot of potential with blockchain technology, even though we are still at an early stage. In his spare time, Soumen enjoys playing his guitar and singing along. Soumen holds bags in BTC, ETH, BNB, MATIC, and ADA.

Project & Token Reviews

Learn about the hottest projects & tokens

Join our newsletter

Sign up for the very best tutorials and the latest Web3 news.

Subscribe Here!
BSCN

BSCN

BSCN RSS Feed

BSCN (fka BSC News) is your go-to destination for all things crypto and blockchain. Discover the latest cryptocurrency news, market analysis and research, covering Bitcoin, Ethereum, altcoins, memecoins, and everything in between.