QI Quadriga Initiative

Jun 2025 - TokenVault Old Smart Contract Exploited Similarly To Bankroll - $16k (Global)

The TokenVault smart contract was originally created by an entity called "donfunction.bnb" on June 29th, 2021.

Address: 0xe968d2e4adc89609773571301abec3399d163c3b

Unfortunately, the smart contract contained a vulnerability.

The attack was similar to the Bankroll exploit. In the Bankroll exploit, assets of any users who had approved the smart contract with unlimited permissions could be taken.

Exploit Transaction: 0xf34e59e4fe2c9b454d2b73a1a3f3aaf07d484a0c71ff8278b1c068cdedc4b64d

Victim Contract Address: 0xe968d2e4adc89609773571301abec3399d163c3b

The loss amount was reported by TenArmor as $16.4k.

The attack appears to have only been detected and reported on by TenArmor and BlockThreat.

There is no indication that this project is still active.

There is no indication that any funds have been recovered.

It is unclear if any investigation will be undertaken or any recovery is available.

Further Analysis

A 2021 smart contract named TokenVault, created by "donfunction.bnb" was deployed with a critical vulnerability. Similar to the Bankroll exploit, this flaw allowed attackers to drain funds from users who had granted the contract unlimited token permissions. The exploit resulted in a reported loss of $16.4k. The incident was reported by TenArmor and BlockThreat, with no signs of ongoing project activity, fund recovery, or pending investigations.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

CoinMarketCap Front-End Compromise Connect Wallet Phishing > > < < Abstract Chain Posts $ABS Solana Token Hacked Twitter/X

Sources/Further Reading

TenArmor - "Our system has detected a suspicious attack involving an old contract #TokenVault on #BSC, resulting in an approximately loss of $16.4K. Similar to the BankrollNetwork attack from days ago, it appears someone is finding and exploiting these older, similarly vulnerable contracts." - Twitter/X (Dec 31)
Exploit Transaction Attacking TokenVault - BscScan (Dec 31)
Exploit Transaction Attacking TokenVault - Blocksec (Dec 31)
Exploit Transaction Attacking TokenVault - MetaSleuth (Dec 31)
Week 25, 2025 - BlockThreat (Dec 31)
Victim Smart Contract Address - BSCScan (Dec 31)
Victim Smart Contract Creation - BSCScan (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.