QI Quadriga Initiative

Apr 2025 - YB Token Sandwich Attack Due To No Slippage Protection - $15k (Global)

The YB token smart contract was first launched on May 18th, 2024.

Unfortunately the YB smart contract triggers swaps without proper slippage protection.

The YB Token contract automatically triggers a bot to perform token swaps during transfers, but it lacks slippage protection. This vulnerability allows attackers to manipulate prices and execute sandwich attacks to profit from the bot’s unprotected swaps.

The YB Token contract has an automated feature in its _tokenTransfer function that triggers a bot contract to perform swaps—swapBuy when users sell, and swapSell when they buy.

However, this automation lacks slippage protection, creating a vulnerability. Attackers can exploit this by manipulating token prices in the liquidity pool with small trades, then launching sandwich attacks—placing their own trades before and after the bot’s unprotected swap—to profit from the resulting price difference.

Transaction ID: 0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b

TenArmor reports an approximate loss of $15.3k.

It is unclear who is behind the BY smart contract.

The sandwich attack was noticed and details were captured by VeriChain and TenArmor.

There is no indication that any funds have been recovered.

It is unclear if any further investigation is ongoing, or there is any hope of recovering funds.

Further Analysis

The YB token smart contract, launched on May 18th, 2024, had a vulnerability in its _tokenTransfer function, which automatically triggers a bot to perform token swaps without proper slippage protection. This flaw allowed attackers to manipulate token prices in the liquidity pool and execute sandwich attacks to profit from the bot's unprotected swaps. One such attack, recorded under transaction ID 0xe1e7...a28b, resulted in an estimated loss of $15.3k, as reported by TenArmor. The attack was detected by VeriChain and TenArmor, but the identity behind the YB contract remains unknown, and there is no indication that any funds have been recovered or that further investigation is underway.

How Could This Have Been Prevented?

More Cryptocurrency Exchange Hacks/Scams/Frauds

BTNFT Contract BTT Rewards Not Validating NFT Ownership > > < < DIN Twitter/X Account Wallet Drainer Phishing Website

Sources/Further Reading

TenArmor - "Our system has detected a suspicious sandwich attack involving #YB on #BSC, resulting in an approximately loss of $15.3K." - Twitter/X (Dec 31)
Sandwich Attack Transaction - BSCScan (Dec 31)
YB token hack analysis - by TK - Verichains (Dec 31)
Week 16, 2025 - BlockThreat (Dec 31)
Address Of The Attacker - BSCScan (Dec 31)
Vulnerable Smart Contract - BSCScan (Dec 31)
Vulnerable Smart contract Creation - BSCScan (Dec 31)

Join Us!

 Name: Email:
t.me/QuadrigaInitiative /r/QuadrigaInitiative @QuadrigaInit info@quadrigainitiative.com
Sign-Ups: 100%

Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected User. For questions or enquiries, email info@quadrigainitiative.com.