QI Quadriga Initiative

Sep 2025 - Burned Finance Burn Token Smart Contract Rewards Exploit - $151k (Global)

Burned Finance's Burn Token was launched on December 17, 2023, and is reportedly based on their earlier Burn and Build project. The project describes that users should "Just hold Burn and participate in community development."

The project remained active on Twitter/X up until August 9th, 2024.

Unfortunately, the smart contract appears to contain a vulnerability which allowed the attacker to obtain burned tokens as rewards.

According to TenArmor, "[i]t appears that the attacker managed to obtain more burned tokens as rewards from the contract 0x93fd, and then sold them for profit. And this attacker is a habitual offender."

No other analyses could be located online.

The exploiter appears to have been involved in a previous RoulettePotV2 exploit.

TenArmor reports the total losses as $150.9k USD.

The incident was later reported by TenArmor.

It does not appear that there have been any further posts made by the Burned Finance team. Their last post was made on August 9th.

There is no indication of any response from the project.

It is unclear if the project may ever respond and if any effort will be undertaken to assist any affected users.

Further Analysis

Burned Finance launched its Burn Token on December 17, 2023, as part of a community-focused project encouraging users to hold the token and support development. However, a vulnerability in its smart contract later allowed an attacker to exploit the system and claim burned tokens as rewards, which were then sold for profit. The attacker, reportedly a repeat offender linked to a previous exploit of RoulettePotV2, caused losses totaling approximately $150,900, according to TenArmor. The project's social media presence was last seen on August 9, 2024, and no public response or remediation efforts have been made by the Burned Finance team since the exploit.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

LyraDepositWrapper Incorrect Deposit Funds Lost To MEV Bot > > < < Yala Protocol Dormant OFTU Unauthorized Mint And Bridge

Sources/Further Reading

TenArmor - "Our system has detected a suspicious attack involving #Burnedfi @Burn_building on #BSC, resulting in an approximately total loss of $150.9K." - Twitter/X (Dec 31)
One Of The Attack Transaction - BSCScan (Dec 31)
One Attack Transaction - BlockSec Explorer (Dec 31)
Burnedfi (burn_building) Twitter/X Account (Dec 31)
BurnedFi - "Burn & Bond: Redefining DeFi! $Burn: Ownerless token! Fair, game-changing burn. Community + lockups = value rocket!" - Twitter/X (Dec 31)
https://flooz.xyz/burnedfi (Dec 31)
BurnedFi Homepage (Dec 31)
burnArmy Twitter/X Account (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.