Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$16 000 USD

JUNE 2025

GLOBAL

TOKENVAULT

DESCRIPTION OF EVENTS

The TokenVault smart contract was originally created by an entity called "donfunction.bnb" on June 29th, 2021.

 

Address: 0xe968d2e4adc89609773571301abec3399d163c3b

 

Unfortunately, the smart contract contained a vulnerability.

 

The attack was similar to the Bankroll exploit. In the Bankroll exploit, assets of any users who had approved the smart contract with unlimited permissions could be taken.

 

Exploit Transaction: 0xf34e59e4fe2c9b454d2b73a1a3f3aaf07d484a0c71ff8278b1c068cdedc4b64d

 

Victim Contract Address: 0xe968d2e4adc89609773571301abec3399d163c3b

 

The loss amount was reported by TenArmor as $16.4k.

 

The attack appears to have only been detected and reported on by TenArmor and BlockThreat.

 

There is no indication that this project is still active.

 

There is no indication that any funds have been recovered.

 

It is unclear if any investigation will be undertaken or any recovery is available.

 

Explore This Case Further On Our Wiki

A 2021 smart contract named TokenVault, created by "donfunction.bnb" was deployed with a critical vulnerability. Similar to the Bankroll exploit, this flaw allowed attackers to drain funds from users who had granted the contract unlimited token permissions. The exploit resulted in a reported loss of $16.4k. The incident was reported by TenArmor and BlockThreat, with no signs of ongoing project activity, fund recovery, or pending investigations.

TenArmor - "Our system has detected a suspicious attack involving an old contract #TokenVault on #BSC, resulting in an approximately loss of $16.4K. Similar to the BankrollNetwork attack from days ago, it appears someone is finding and exploiting these older, similarly vulnerable contracts." - Twitter/X (Jul 30)
Exploit Transaction Attacking TokenVault - BscScan (Jul 30)
Exploit Transaction Attacking TokenVault - Blocksec (Jul 30)
Exploit Transaction Attacking TokenVault - MetaSleuth (Jul 30)
Week 25, 2025 - BlockThreat (Jul 30)
Victim Smart Contract Address - BSCScan (Jul 30)
Victim Smart Contract Creation - BSCScan (Jul 30)

Sources And Further Reading

More case studies

Abstract Chain Posts $ABS
Solana Token Hacked Twitter/X

CoinMarketCap Front-End Compromise
Connect Wallet Phishing

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2026 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.