<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=TCH_Token_Transaction_Signature_Malleability_Issue</id>
	<title>TCH Token Transaction Signature Malleability Issue - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=TCH_Token_Transaction_Signature_Malleability_Issue"/>
	<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=TCH_Token_Transaction_Signature_Malleability_Issue&amp;action=history"/>
	<updated>2026-07-14T16:48:34Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.39.1</generator>
	<entry>
		<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=TCH_Token_Transaction_Signature_Malleability_Issue&amp;diff=6016&amp;oldid=prev</id>
		<title>Azoundria: Created page with &quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/tchtokentransactionsignaturemalleabilityissue.php}} {{Unattributed Sources}}  Generic Binance Security ImageThe TCH Token on the Binance Smart Chain doesn't appear to have an official website or social media, but multiple security firms found that this smart contract had been exploited and $18-$19k were drained from the smart contract. Given that there...&quot;</title>
		<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=TCH_Token_Transaction_Signature_Malleability_Issue&amp;diff=6016&amp;oldid=prev"/>
		<updated>2024-09-17T19:39:32Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/tchtokentransactionsignaturemalleabilityissue.php}} {{Unattributed Sources}}  &lt;a href=&quot;/cryptocurrencyhackscamfraudwiki/index.php?title=File:Binancesecurity.jpg&quot; title=&quot;File:Binancesecurity.jpg&quot;&gt;thumb|Generic Binance Security Image&lt;/a&gt;The TCH Token on the Binance Smart Chain doesn&amp;#039;t appear to have an official website or social media, but multiple security firms found that this smart contract had been exploited and $18-$19k were drained from the smart contract. Given that there...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/tchtokentransactionsignaturemalleabilityissue.php}}&lt;br /&gt;
{{Unattributed Sources}}&lt;br /&gt;
&lt;br /&gt;
[[File:Binancesecurity.jpg|thumb|Generic Binance Security Image]]The TCH Token on the Binance Smart Chain doesn't appear to have an official website or social media, but multiple security firms found that this smart contract had been exploited and $18-$19k were drained from the smart contract. Given that there is no indication who is behind the token, it would seem unlikely that any resolution is available for affected users.&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14176&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;slowmistteamtwitter-14191&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;bscscan-14192&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;bscscan-14193&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;x-14194&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;defimon-14195&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;bscscan-14196&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;bscscan-14197&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;poocoinapp-14198&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;apespace-14199&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;dexanalyzer-14200&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== About TCH Token ==&lt;br /&gt;
Address: https://bscscan.com/address/0x5d78cfc8732fd328015c9b73699de9556ef06e8e&lt;br /&gt;
&lt;br /&gt;
Unclear if potentially related:&lt;br /&gt;
https://bscscan.com/address/0x9c6c2617D408F50fEF599A3e03c4c464293fdAD3|Jun 7, 2024&lt;br /&gt;
https://tchtoken.com/|Jun 7, 2024&lt;br /&gt;
https://www.tradingview.com/symbols/TCHUSDT/minds/|Jun 7, 2024&lt;br /&gt;
https://etherscan.io/token/0x9972a0f24194447e73a7e8b6cd26a52e02ddfad5|Jun 7, 2024&lt;br /&gt;
https://coinpaprika.com/coin/tch-tch-token/|Jun 7, 2024&lt;br /&gt;
https://bscscan.com/token/0xc9586f53cd7bd2b1fa3549218e9756306cd09053|Jun 7, 2024&lt;br /&gt;
https://bscscan.com/address/0x5d78cfc8732fd328015c9b73699de9556ef06e8e|Jun 7, 2024&lt;br /&gt;
&lt;br /&gt;
== The Reality ==&lt;br /&gt;
&amp;quot;The vulnerable contract has a burnToken function that verifies a signature for authorization. To prevent signature replay it stores the used signatures in a mapping which can be bypassed if a signature is tampered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== What Happened ==&lt;br /&gt;
&amp;quot;TCH token has been exploited for 18k due to a CTF-style signature malleability&amp;quot;&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|+Key Event Timeline - TCH Token Transaction Signature Malleability Issue&lt;br /&gt;
!Date&lt;br /&gt;
!Event&lt;br /&gt;
!Description&lt;br /&gt;
|-&lt;br /&gt;
|May 13th, 2024 9:28:13 PM MDT&lt;br /&gt;
|TCH Token Creation&lt;br /&gt;
|The TCH token smart contract is first created.&lt;br /&gt;
|-&lt;br /&gt;
|May 16th, 2024 9:42:08 AM MDT&lt;br /&gt;
|Exploit Transaction&lt;br /&gt;
|A profitable exploit which gains $18k worth of funds is highlighted by Decurity.&lt;br /&gt;
|-&lt;br /&gt;
|May 16th, 2024 12:54:00 PM MDT&lt;br /&gt;
|DecurityHQ Tweet&lt;br /&gt;
|Decurity posts a tweet highlighting the vulnerability in the TCH Token transaction.&lt;br /&gt;
|-&lt;br /&gt;
|May 17th, 2024 12:41:00 AM MDT&lt;br /&gt;
|SlowMist Tweet&lt;br /&gt;
|SlowMist tweets about the transaction and loss which they've uncovered.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&amp;quot;TCH token has been exploited for 18k due to a CTF-style signature malleability&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The vulnerable contract has a burnToken function that verifies a signature for authorization. To prevent signature replay it stores the used signatures in a mapping which can be bypassed if a signature is tampered.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;The attacker harvested previously submitted signatures and modified the `v` part of the signature: instead of 0x01 they submitted 0x1c (28). As a result the signature was successfully verified with ecrecover, however a different sig was stored in the mapping.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;As a result the attacker burned lots of TCH tokens owned by the PancakeSwap pair, which allowed him to manipulate the price in the pool and take the profit.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Lost ==&lt;br /&gt;
$18-$19k&lt;br /&gt;
&lt;br /&gt;
The total amount lost has been estimated at $18,000 USD.&lt;br /&gt;
&lt;br /&gt;
== Immediate Reactions ==&lt;br /&gt;
&amp;quot;According to the SlowMist security team's monitoring, the TCH token on the BNBChain has been continuously attacked due to a malleability issue, resulting in a loss of approximately $19,000.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&amp;quot;We have detected that the $TCH token is being continuously exploited due to malleability issue.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Ultimate Outcome ==&lt;br /&gt;
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?&lt;br /&gt;
&lt;br /&gt;
== Total Amount Recovered ==&lt;br /&gt;
The total amount recovered is unknown.&lt;br /&gt;
&lt;br /&gt;
What funds were recovered? What funds were reimbursed for those affected users?&lt;br /&gt;
&lt;br /&gt;
== Ongoing Developments ==&lt;br /&gt;
What parts of this case are still remaining to be concluded?&lt;br /&gt;
== Individual Prevention Policies ==&lt;br /&gt;
{{Prevention:Individuals:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Individuals:End}}&lt;br /&gt;
&lt;br /&gt;
== Platform Prevention Policies ==&lt;br /&gt;
{{Prevention:Platforms:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Platforms:End}}&lt;br /&gt;
&lt;br /&gt;
== Regulatory Prevention Policies ==&lt;br /&gt;
{{Prevention:Regulators:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Regulators:End}}&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&amp;lt;references&amp;gt;&amp;lt;ref name=&amp;quot;slowmisthackedarchive-14176&amp;quot;&amp;gt;[https://web.archive.org/web/20240523160412/https://hacked.slowmist.io/ SlowMist Hacked - SlowMist Zone] (Jun 6, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;slowmistteamtwitter-14191&amp;quot;&amp;gt;[https://twitter.com/SlowMist_Team/status/1791358365194650094 @SlowMist_Team Twitter] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;bscscan-14192&amp;quot;&amp;gt;[https://bscscan.com/address/0x5d78cfc8732fd328015c9b73699de9556ef06e8e TCHtoken | Address 0x5d78cfc8732fd328015c9b73699de9556ef06e8e | BscScan] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;bscscan-14193&amp;quot;&amp;gt;[https://bscscan.com/tx/0x563ccdc465790f86ec7295000616c5c9af7a364288d8c5b64e14a2c52e7cb3c2 BNB Smart Chain Transaction Hash (Txhash) Details | BscScan] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;x-14194&amp;quot;&amp;gt;[https://x.com/DecurityHQ/status/1791180322882629713 x.com] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;defimon-14195&amp;quot;&amp;gt;[https://defimon.xyz/attack/bsc/0xa94338d8aa312ed4b97b2a4dcb27f632b1ade6f3abec667e3bf9f002a75dabe0 https://defimon.xyz/attack/bsc/0xa94338d8aa312ed4b97b2a4dcb27f632b1ade6f3abec667e3bf9f002a75dabe0] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;bscscan-14196&amp;quot;&amp;gt;[https://bscscan.com/token/0x77fef91136b6c76e0fdf9f9d84dea18403498f07 TCH (TCH) Token Tracker | BscScan] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;bscscan-14197&amp;quot;&amp;gt;[https://bscscan.com/tx/0xa94338d8aa312ed4b97b2a4dcb27f632b1ade6f3abec667e3bf9f002a75dabe0 BNB Smart Chain Transaction Hash (Txhash) Details | BscScan] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;poocoinapp-14198&amp;quot;&amp;gt;[https://poocoin.app/tokens/0x5d78cfc8732fd328015c9b73699de9556ef06e8e PooCoin BSC Charts] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;apespace-14199&amp;quot;&amp;gt;[https://apespace.io/bsc/0x5d78cfc8732fd328015c9b73699de9556ef06e8e https://apespace.io/bsc/0x5d78cfc8732fd328015c9b73699de9556ef06e8e] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;dexanalyzer-14200&amp;quot;&amp;gt;[https://www.dexanalyzer.io/bsc/0x5d78CFc8732fd328015C9B73699dE9556EF06E8E https://www.dexanalyzer.io/bsc/0x5d78CFc8732fd328015C9B73699dE9556EF06E8E] (Jun 7, 2024)&amp;lt;/ref&amp;gt;&amp;lt;/references&amp;gt;&lt;/div&gt;</summary>
		<author><name>Azoundria</name></author>
	</entry>
</feed>