$119 000 USD
DESCRIPTION OF EVENTS
"TronBank - A financial game that runs entirely on Tron smart contract, with daily ROI 3.6%~6.6%. It's an open transparent contract that automatically generates revenue every second."
On April 11th, "the Tronbank team’s second game, BTTBank, was attacked by hackers with counterfeit money within 3 hours of the release and stole tens of millions of BTTs (not 180 million BTT)."
"BTT is a TRC-10 utility token based on the blockchain that powers features of the most popular decentralized protocols and applications in the world. DApps powered by BTT include BitTorrent Speed, BitTorrent File System, DLive, and others in the pipeline."
"Tron Dapp TronBank was attacked by Fake token attack at 1 am, about 170 million BTT were stolen in 1 hour (worth about 850,000 yuan). Monitoring showed that the hacker created a fake token BTTx to initiate the "invest" function to the contract, and the contract did not determine whether the sender's token id was consistent with the BTT real token id1002000."
Tron Bank is a smart contract which offers investors interest on tokens deposited. The smart contract hot wallet was vulnerable and a hacker was able to create a transaction involving fake tokens to steal the funds. There doesn't appear to be any mention of a recovery, so it's assumed affected users lost all their funds.
HOW COULD THIS HAVE BEEN PREVENTED?
The safest storage for funds is offline multi-signature storage held by at least 3 of 4 known and trained individuals. The remaining hot wallet balance can be insured using a industry-based insurance fund, and would only be approved after review by two separate validation firms, which in the case of a smart contract would include an audit. Any one of these measures would have avoided the loss.
SlowMist Hacked - SlowMist Zone (Nov 6)
https://www.ibtctrade.com/breaking_news/1796.html?lang=en (Dec 19)
Tronbank - A Financial game | CariGold Forum (Dec 19)
https://www.bittorrent.com/token/btt/ (Dec 19)
https://coinmarketcap.com/currencies/bittorrent/historical-data/ (Dec 19)
DAPP trend list: all vulnerability wave fields on EOS may be reproduced Blockchain Network (Dec 19)
(SCAM ALERT) TRON BANK (Dec 30)
https://archive.vn/3uDHe (Dec 30)