QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$19 000 USD
APRIL 2025
GLOBAL
BTNFT
DESCRIPTION OF EVENTS
The BTNFT smart contract was created on January 3rd, 2025. It is unclear if this is somehow related to BitTorrent.
Smart Contract Address: 0x0fc91b6fea2e7a827a8c99c91101ed36c638521b
According to TenArmor, this is "[a] simple logic bug! Anyone can claim the BTT token reward by transferring BTTNFT to the contract itself without validation of NFT ownership."
TenArmor and Tikkala Security have both reported that the amount lost was $19k.
It is unclear how the project or those who may be affected have reacted. The incident was reported on by Tikkala Security and TenArmor.
There does not appear to be any announcement about the incident. It is believed that there is no recovery or investigation underway.
There is no indication that any assistance is available for affected users.
It is unclear if any future investigation or recovery will occur.
The BTNFT smart contract was deployed, though its connection to BitTorrent remains uncertain. A vulnerability in the contract's logic allowed anyone to exploit the reward mechanism by transferring BTNFT tokens to the contract without needing to prove NFT ownership. This flaw enabled unauthorized claims of BTT token rewards. Security firms TenArmor and Tikkala Security reported the exploit, estimating the total loss at $19,000. As of now, there has been no public response from the project, no recovery effort or investigation announced, and no support offered to affected users.
TenArmor - "Our system has detected a suspicious attack involving #BTNFT on #BSC, resulting in an approximately loss of $19K." - Twitter/X (Aug 5)
First Attack Transaction - BSCScan (Aug 5)
Second Attack Transaction - BSCScan (Aug 5)
Tikkala Research - "BTNFT was hacked and it lost about $19k." - Twitter/X (Aug 5)
The Attacker's BSC Address - BSCScan (Aug 5)
BTNFT Smart Contract Address - BSCScan (Aug 5)
Binance Transaction Hash: 0x250217f069... (Aug 5)
