$119 000 USD

APRIL 2019

GLOBAL

TRONBANK

DESCRIPTION OF EVENTS

"TronBank - A financial game that runs entirely on Tron smart contract, with daily ROI 3.6%~6.6%. It's an open transparent contract that automatically generates revenue every second."

 

On April 11th, "the Tronbank team’s second game, BTTBank, was attacked by hackers with counterfeit money within 3 hours of the release and stole tens of millions of BTTs (not 180 million BTT)."

 

"BTT is a TRC-10 utility token based on the blockchain that powers features of the most popular decentralized protocols and applications in the world. DApps powered by BTT include BitTorrent Speed, BitTorrent File System, DLive, and others in the pipeline."

 

"Tron Dapp TronBank was attacked by Fake token attack at 1 am, about 170 million BTT were stolen in 1 hour (worth about 850,000 yuan). Monitoring showed that the hacker created a fake token BTTx to initiate the "invest" function to the contract, and the contract did not determine whether the sender's token id was consistent with the BTT real token id 1002000."

TronBank is a smart contract that pays investors interest on deposited tokens. The smart contract's hot wallet was vulnerable, and a hacker was able to create a transaction involving fake tokens to steal the funds. No recovery appears to have been mentioned, so it is assumed that affected users lost all their funds.
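The missing check described in the monitoring report, shown as an added example that is not TronBank's contract code: a simplified Python model of a deposit handler that credits a BTT-denominated ledger, with and without comparing the attached token id to 1002000. The class and function names and the fake token id 1999999 are hypothetical.

```python
# Simplified model of a TRC-10 deposit handler (constructed example, not TronBank's code).
from dataclasses import dataclass, field

BTT_TOKEN_ID = 1002000  # real BTT TRC-10 token id, as quoted on this page


@dataclass
class Deposit:
    sender: str
    token_id: int     # id of the TRC-10 token attached to the call
    token_value: int  # amount of that token attached


@dataclass
class Bank:
    check_token_id: bool
    invested: dict = field(default_factory=dict)  # sender -> credited BTT
    holdings: dict = field(default_factory=dict)  # token id -> amount actually held

    def invest(self, d: Deposit) -> bool:
        """Credit a deposit; returns False if the deposit is rejected."""
        if d.token_value <= 0:
            return False
        if self.check_token_id and d.token_id != BTT_TOKEN_ID:
            return False  # hardened path: wrong token, nothing credited
        self.holdings[d.token_id] = self.holdings.get(d.token_id, 0) + d.token_value
        # The ledger is denominated in BTT, whatever token was actually received.
        self.invested[d.sender] = self.invested.get(d.sender, 0) + d.token_value
        return True

    def unbacked(self) -> int:
        """BTT credited to users minus real BTT held (should never exceed 0)."""
        return sum(self.invested.values()) - self.holdings.get(BTT_TOKEN_ID, 0)


def replay(check_token_id: bool) -> Bank:
    fake_id = 1999999  # constructed id standing in for the fake "BTTx" token
    bank = Bank(check_token_id)
    bank.invest(Deposit("honest_user", BTT_TOKEN_ID, 500))
    bank.invest(Deposit("fake_depositor", fake_id, 1_000_000))
    return bank


if __name__ == "__main__":
    for hardened in (False, True):
        b = replay(hardened)
        print(f"check_token_id={hardened}: invested={b.invested} unbacked={b.unbacked()}")
```

A nonzero `unbacked()` is the invariant violation an audit or on-chain monitor would look for: ledger credit that is not covered by real BTT held by the contract.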

HOW COULD THIS HAVE BEEN PREVENTED?

The safest storage for funds is offline multi-signature storage held by at least 3 of 4 known and trained individuals. The remaining hot wallet balance can be insured using an industry-based insurance fund, and would only be approved after review by two separate validation firms, which in the case of a smart contract would include an audit. Any one of these measures would have avoided the loss.

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.