The team behind Base memecoin Normie (NORMIE) says it is negotiating with its hacker to return 90% of funds stolen due to a smart contract vulnerability — leading to a $41.7 million plunge in the token’s market cap in less than three hours.

Blockchain analytics firm Lookonchain was one of the first to spot the exploit and the hacker’s offer in an on-chain message to Normie’s deployer address on May 26.

Normie later reportedly accepted the hacker’s offer to get 90% of the stolen NORMIE tokens back — though the price has already fallen 96% since the exploit — on the condition Normie uses the stolen funds and the $2.3 million in the team’s dev wallet to launch a new token to reimburse NORMIE holders.

The hacker also asked for no reprisals in another on-chain message.

“We will have to re-launch, yes,” Normie’s team said on a new X account it apparently created after its main one was suspended.

“That will come after we get our main twitter account back and after we get the funds from the exploiter,” Normie said at the time — though the temporary account was also suspended soon after.

But the hacker doubled down on their strict conditions, asserting that a token re-launch must occur prior to the funds being returned.

“The dev wallet made significantly more than I did during this exploit, and I have no other way to ensure that those funds are used appropriately.”

“Dinho,” one of the administrators of the official NORMIE Telegram group, couldn’t confirm when NORMIE token holders may recover their stolen funds. Dinho’s X account was also suspended.

NORMIE’s price started to fall at 3:55 am UTC on May 26, and within a single hour, it already plummeted over 92% to $0.0032, according to CoinGecko. It fell to 99.5% after two and a half

Other than a short-lived price spike to $0.019, its price continued to move in a downward trajectory to $0.0016 at the time of writing, marking a 96% fall.

Its market cap bottomed out at $200,000 after falling from $41.9 million but has slightly recovered since.

Related: $20M exploit cripples Sonne Finance, hacker in no mood for negotiation

The team behind blockchain scam detector tool Quick Intel claims 72,000 NORMIE holders were impacted by the smart contract vulnerability, which was discovered back in March.

It isn’t clear how much funds were stolen in the ordeal.

NORMIE was launched amid a recent memecoin mania on Base in March 2024, reaching a peak market cap of $130 million back on April 2, according to CoinGecko.

A recent investigation from Cointelegraph found 91% of Base memecoins have vulnerabilities that could expose users to big losses.

Magazine: Should crypto projects ever negotiate with hackers? Probably