QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$41 000 USD
MAY 2025
GLOBAL
YELLOW DUCK TOKEN
DESCRIPTION OF EVENTS
YDT is short for "Yellow Duck Token". The smart contract was launched on May 24th.
"A simple bug (or possibly a backdoor?) in the proxyTransfer() function allows an attacker to transfer tokens from any address by passing in a privileged address."
TenArmor reports losses as $41.4k.
The incident was reported on by TenArmor. It is unclear if the project has any public face.
It is unclear if any funds have been recovered or any investigation is underway.
There is no suggestion that any funds have been recovered.
The incident appears to have faded to history. There's no indication that anything is still being investigated.
The Yellow Duck Token (YDT), launched on May 24th, suffered a \$41.4k loss due to a vulnerability—or possible backdoor—in its `proxyTransfer()` function, which allowed an attacker to transfer tokens from any address using a privileged account; the incident was reported by TenArmor, and there is no evidence of fund recovery or an ongoing investigation.
TenArmor - "Our system has detected a suspicious attack involving #YDT token on #BSC, resulting in an approximately loss of $41.4K. A simple bug (or possibly a backdoor?) in the proxyTransfer() function allows an attacker to transfer tokens from any address by passing in a privileged address." - Twitter/X (Jul 31)
Suspicious YDT Transaction - BSCScan (Jul 31)
Week 21, 2025 - BlockThreat (Jul 31)
YDT Token Smart Contract - BSCScan (Jul 31)
YDT Smart Contract Creation - BSCScan (Jul 31)
