Quadriga Initiative

Dec 2024 - RunWay (BYC) Burn Function Lacks Access Control - $102k (Global)

BYC is a token on the Binance Smart Chain created on November 27th. The token does not appear to have any social media presence or website associated with it.

"This is a classic arbitrary burn vulnerability in the token’s transfer function. The autoBurnLiquidity function lacks access control, allowing anyone to burn tokens from the pair at will—easy profit!"

"It is a price manipulation issue due to the token's flawed mechanism, which automatically burns tokens from pairs once the token balance exceeds a threshold (e.g., lpBurnFrequency). By triggering the burn process, the attacker sandwiched it with swaps, profiting from the price distortion caused by the token burn."

SlowMist: $100k. Phalcon_xyz: $102.4k.

"ALERT! Our system detected an attack on the unknown #BYC token on BSC, resulting in ~$100k in losses."

"According to the SlowMist security team’s monitoring, RunWay (BYC) appears to have been attacked on BSC, resulting in a loss of approximately $100K."

The TenArmorAlert "system has detected a suspicious attack involving #BYC on #BSC, resulting in an approximate loss of $102.4K."

Further Analysis

BYC is a token on the Binance Smart Chain (BSC), created on November 27th, but apparently lacking social media presence or a website. The token is vulnerable to an arbitrary burn attack due to flaws in its transfer function, specifically in the autoBurnLiquidity mechanism that lacks access control. This vulnerability allows anyone to burn tokens from liquidity pairs, enabling attackers to profit by manipulating the token's price. The attack, which triggered the burn process and caused price distortion, resulted in approximately $102.4K in losses, as detected by security systems like SlowMist and TenArmorAlert. There does not appear to be a reachable team behind the token to assist any affected holders.
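The following is an added example, not the BYC contract's code and not from Quadriga Initiative: a toy pool model showing how far the spot price can be pushed when a pair burn has no caller check or rate limit, next to a guarded version. All names, the 5% burn size, the one-hour interval and the reserve figures are assumptions made for illustration.

```python
from dataclasses import dataclass

class BurnRejected(Exception):
    """Raised when a guarded burn refuses to run."""

@dataclass
class Pair:
    token_reserve: float  # BYC-like token held by the pool (constructed value)
    quote_reserve: float  # asset the token is priced in (constructed value)

    def spot_price(self) -> float:
        return self.quote_reserve / self.token_reserve

@dataclass
class Token:
    pair: Pair
    owner: str
    burn_bps: int = 500       # assumed: 5% of the pair's balance per burn
    min_interval: int = 3600  # assumed: seconds required between burns
    last_burn: int = 0

    def _burn_from_pair(self) -> None:
        # Destroy part of the pool's token balance, then sync reserves.
        self.pair.token_reserve *= 1 - self.burn_bps / 10_000

    def burn_unguarded(self, caller: str, now: int) -> None:
        # Flawed pattern: no caller check and no rate limit.
        self._burn_from_pair()

    def burn_guarded(self, caller: str, now: int) -> None:
        # Hardened pattern: authorized caller only, at most once per interval.
        if caller != self.owner:
            raise BurnRejected("caller not authorized")
        if now - self.last_burn < self.min_interval:
            raise BurnRejected("burn attempted too soon")
        self.last_burn = now
        self._burn_from_pair()

def price_drift(burn, caller: str, calls: int, now: int = 10_000) -> float:
    """Spot price after `calls` burn attempts at one timestamp, relative to start."""
    token = Token(Pair(1_000_000.0, 100_000.0), owner="owner")
    start = token.pair.spot_price()
    for _ in range(calls):
        try:
            burn(token, caller, now)
        except BurnRejected:
            pass  # a rejected call leaves the reserves untouched
    return token.pair.spot_price() / start

if __name__ == "__main__":
    for fn, who in ((Token.burn_unguarded, "stranger"), (Token.burn_guarded, "stranger"), (Token.burn_guarded, "owner")):
        print(fn.__name__, who, round(price_drift(fn, who, 10), 4))
```

In this model ten unguarded calls compound to a price about 67% above the starting price, while the guarded version rejects an unauthorized caller outright and lets the authorized one burn only once per interval.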

How Could This Have Been Prevented?


Sources/Further Reading

@SlowMist_Team Twitter (Dec 31)
@TenArmorAlert Twitter (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
@TenArmorAlert Twitter (Dec 31)
BYC exploiter | Address 0x14cfa851ff34952a223ea7fdf621a05b128411ef | BscScan (Dec 31)
RunWay (BYC) Token Tracker | BscScan (Dec 31)
RunWayERC20 | Address 0x9a69eb74060e2808344ac35bb5825051b89bbe76 | BscScan (Dec 31)
@SlowMist_Team Twitter (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)

