QI Quadriga Initiative

Jun 2025 - Bankroll Network Legacy Contract Unlimited Permissions Drain - $65k (Global)

"Bankroll is the best way to HODL and grow your crypto!"

"Bankroll is a premiere decentralized finance network on TRON. It implements a voluntary, sustainable, and permissionless global economic engine. Through a network of financial contracts the platform provides rewards in TRX, BNKRX, and BNKR. Bankroll... play to win!!!"

"Bankroll is a premiere decentralized finance network on the TRON blockchain. It implements a voluntary, sustainable, and permissionless economic global engine. Through a network of financial contracts the platform provides rewards in TRX, BNKR, BNKRX, and BTT. Bankroll… play and win!!! Bankroll simply put is a decentralized community bank. As a financial mutual organization; Bankroll holds a native store of value tied to TRON. These tokens are BNKR and BNKRX. BNKR is our digital cash and is more liquid than VLT on the Ethereum side of the network. BNKRX is our elastic reward token, which scales to the savings rate of the community. Both tokens are supported by several contracts which mine, exchange, and store value on the network."

Bankroll's Twitter/X account has not had activity since February 2022.

The Bankroll Network is an old set of smart contracts, where users provided unlimited approvals. The smart contract was exploitable, and multiple wallets were still in use with assets that could be taken.

Unlimited approvals allows a compromised smart contract to drain those wallets. It is suspected that many users did not realize that their wallets were still hooked up to the vulnerable smart contract.

According to TenArmorAlert, the loss total is $65k.

Numerous security firms appear to have identified and reported on the attacks. Losses were reported as $65k by TenArmor.

There doesn't appear to be any sign of life from the Bankroll project.

There is no indication of recovery.

There is no indication that any further investigation is underway.

Further Analysis

The Bankroll Network, a decentralized finance project on BSC and ETH blockchains, suffered a security breach due to vulnerabilities in its old smart contracts. These contracts had unlimited token approvals, allowing an attacker to drain user wallets still connected to them. Despite the project's inactivity since February 2022, some users kept their wallets connected to the smart contract. The attack resulted in a loss of approximately $65,000, according to TenArmorAlert. Multiple security firms flagged the issue, but there has been no response from the Bankroll team, no recovery efforts, and no ongoing investigation.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

Abstract Chain Posts $ABS Solana Token Hacked Twitter/X > > < < A16Z Fake Solana Token Launch On Compromised Twitter/X

Sources/Further Reading

SlowMist - "SlowMist TI Alert. MistEye has detected potential suspicious activities related to the @Bankroll_Status. As always, stay vigilant!" - Twitter/X (Dec 31)
Bankroll Network Stack - BSCScan (Dec 31)
Bankroll Network Exploit Transaction - BSCScan (Dec 31)
TenArmorAlert - "Our system has detected multiple suspicious attacks involving #BankrollNetworkStack @Bankroll_Status on #BSC #ETH, resulting in an approximately loss of $65K so far." - Twitter/X (Dec 31)
Bankroll Network Exploit Transaction - BSCScan (Dec 31)
Bankroll Network Exploit Transaction - BSCScan (Dec 31)
Bankroll Network Exploit Transaction - Etherscan (Dec 31)
BlockAid - "Community alert: Our real-time exploit detection systems have identified an exploit targeting an old @Bankroll_Status contract. This exploit allows attackers to drain funds from addresses that have approved this contract, please revoke approvals for these contracts ASAP" - Twitter/X (Dec 31)
GoPlusZH - "Attack transaction example" - Twitter/X (Dec 31)
GoPluzZH - "An attack targeting an old version of the on-chain contracts of the decentralized finance network @Bankroll_Status is currently underway. This vulnerability allows attackers to withdraw funds from user addresses that have approved the contract." - Twitter/X (Dec 31)
@Bankroll_Status Twitter (Dec 31)
Bankroll Network Homepage (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.