<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=YDT_Yellow_Duck_Token_proxyTransfer_Backdoor_Exploited</id>
	<title>YDT Yellow Duck Token proxyTransfer Backdoor Exploited - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=YDT_Yellow_Duck_Token_proxyTransfer_Backdoor_Exploited"/>
	<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=YDT_Yellow_Duck_Token_proxyTransfer_Backdoor_Exploited&amp;action=history"/>
	<updated>2026-07-10T01:16:39Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.39.1</generator>
	<entry>
		<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=YDT_Yellow_Duck_Token_proxyTransfer_Backdoor_Exploited&amp;diff=6904&amp;oldid=prev</id>
		<title>Azoundria: Created page with &quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ydtyellowducktokenproxytransferbackdoorexploited.php}} {{Unattributed Sources}}  Binance Security ImageThe Yellow Duck Token (YDT), launched on May 24th, suffered a \$41.4k loss due to a vulnerability—or possible backdoor—in its `proxyTransfer()` function, which allowed an attacker to transfer tokens from any address using a privileged account; the...&quot;</title>
		<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=YDT_Yellow_Duck_Token_proxyTransfer_Backdoor_Exploited&amp;diff=6904&amp;oldid=prev"/>
		<updated>2025-08-27T21:40:57Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ydtyellowducktokenproxytransferbackdoorexploited.php}} {{Unattributed Sources}}  &lt;a href=&quot;/cryptocurrencyhackscamfraudwiki/index.php?title=File:Binancesecurity.jpg&quot; title=&quot;File:Binancesecurity.jpg&quot;&gt;thumb|Binance Security Image&lt;/a&gt;The Yellow Duck Token (YDT), launched on May 24th, suffered a \$41.4k loss due to a vulnerability—or possible backdoor—in its `proxyTransfer()` function, which allowed an attacker to transfer tokens from any address using a privileged account; the...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ydtyellowducktokenproxytransferbackdoorexploited.php}}&lt;br /&gt;
{{Unattributed Sources}}&lt;br /&gt;
&lt;br /&gt;
[[File:Binancesecurity.jpg|thumb|Binance Security Image]]The Yellow Duck Token (YDT), launched on May 24th, suffered a \$41.4k loss due to a vulnerability—or possible backdoor—in its `proxyTransfer()` function, which allowed an attacker to transfer tokens from any address using a privileged account; the incident was reported by TenArmor, and there is no evidence of fund recovery or an ongoing investigation.&amp;lt;ref name=&amp;quot;tenarmortweet-20807&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;bsctransaction-20808&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;blockthreat-20809&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;ydttokenbscscan-20810&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;ydtsmartcontractcreation-20811&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== About Yellow Duck Token ==&lt;br /&gt;
YDT is short for &amp;quot;Yellow Duck Token&amp;quot;. The smart contract was launched on May 24th.&lt;br /&gt;
&lt;br /&gt;
== The Reality ==&lt;br /&gt;
This sections is included if a case involved deception or information that was unknown at the time. Examples include:&lt;br /&gt;
&lt;br /&gt;
* When the service was actually started (if different than the &amp;quot;official story&amp;quot;).&lt;br /&gt;
* Who actually ran a service and their own personal history.&lt;br /&gt;
* How the service was structured behind the scenes. (For example, there was no &amp;quot;trading bot&amp;quot;.)&lt;br /&gt;
* Details of what audits reported and how vulnerabilities were missed during auditing.&lt;br /&gt;
&lt;br /&gt;
== What Happened ==&lt;br /&gt;
A flaw in Yellow Duck Token’s `proxyTransfer()` function allowed unauthorized transfers, leading to a $41.4k loss.&lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|+Key Event Timeline - YDT Yellow Duck Token proxyTransfer Backdoor Exploited&lt;br /&gt;
!Date&lt;br /&gt;
!Event&lt;br /&gt;
!Description&lt;br /&gt;
|-&lt;br /&gt;
|May 24th, 2025 7:15:20 AM MDT&lt;br /&gt;
|Smart Contract Creation&lt;br /&gt;
|The Yellow Duck Token smart contract is first created.&lt;br /&gt;
|-&lt;br /&gt;
|May 25th, 2025 12:16:52 AM MDT&lt;br /&gt;
|Suspicious YDT Transaction&lt;br /&gt;
|The suspicious transaction is accepted by the Binance Smart Chain.&lt;br /&gt;
|-&lt;br /&gt;
|May 25th, 2025 4:34:00 AM MDT&lt;br /&gt;
|TenArmor Posting Incident Tweet&lt;br /&gt;
|TenArmor posts about the suspicious transaction.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&amp;quot;A simple bug (or possibly a backdoor?) in the proxyTransfer() function allows an attacker to transfer tokens from any address by passing in a privileged address.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Lost ==&lt;br /&gt;
TenArmor reports losses as $41.4k.&lt;br /&gt;
&lt;br /&gt;
The total amount lost has been estimated at $41,000 USD.&lt;br /&gt;
&lt;br /&gt;
== Immediate Reactions ==&lt;br /&gt;
The incident was reported on by TenArmor. It is unclear if the project has any public face.&lt;br /&gt;
&lt;br /&gt;
== Ultimate Outcome ==&lt;br /&gt;
It is unclear if any funds have been recovered or any investigation is underway.&lt;br /&gt;
&lt;br /&gt;
== Total Amount Recovered ==&lt;br /&gt;
There is no suggestion that any funds have been recovered.&lt;br /&gt;
&lt;br /&gt;
There do not appear to have been any funds recovered in this case.&lt;br /&gt;
&lt;br /&gt;
== Ongoing Developments ==&lt;br /&gt;
The incident appears to have faded to history. There's no indication that anything is still being investigated.&lt;br /&gt;
== Individual Prevention Policies ==&lt;br /&gt;
{{Prevention:Individuals:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Individuals:End}}&lt;br /&gt;
&lt;br /&gt;
== Platform Prevention Policies ==&lt;br /&gt;
{{Prevention:Platforms:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Platforms:End}}&lt;br /&gt;
&lt;br /&gt;
== Regulatory Prevention Policies ==&lt;br /&gt;
{{Prevention:Regulators:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Regulators:End}}&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&amp;lt;references&amp;gt;&amp;lt;ref name=&amp;quot;tenarmortweet-20807&amp;quot;&amp;gt;[https://twitter.com/TenArmorAlert/status/1926587721885040686 TenArmor - &amp;quot;Our system has detected a suspicious attack involving #YDT token on #BSC, resulting in an approximately loss of $41.4K. A simple bug (or possibly a backdoor?) in the proxyTransfer() function allows an attacker to transfer tokens from any address by passing in a privileged address.&amp;quot; - Twitter/X] (Accessed Jul 31, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;bsctransaction-20808&amp;quot;&amp;gt;[https://bscscan.com/tx/0x233b21d0355108593c3f136797aed886ae1d4655384b33d67b1fccee88cdfbc2 Suspicious YDT Transaction - BSCScan] (Accessed Jul 31, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;blockthreat-20809&amp;quot;&amp;gt;[https://newsletter.blockthreat.io/p/blockthreat-week-21-2025 Week 21, 2025 - BlockThreat] (Accessed Jul 31, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ydttokenbscscan-20810&amp;quot;&amp;gt;[https://bscscan.com/address/0x3612e4cb34617bcac849add27366d8d85c102efdd YDT Token Smart Contract - BSCScan] (Accessed Jul 31, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;ydtsmartcontractcreation-20811&amp;quot;&amp;gt;[https://bscscan.com/tx/0xe758400cb8328afc71f330f852cbc4e7601bc783b5c32256e14fadf28a19a19e YDT Smart Contract Creation - BSCScan] (Accessed Jul 31, 2025)&amp;lt;/ref&amp;gt;&amp;lt;/references&amp;gt;&lt;/div&gt;</summary>
		<author><name>Azoundria</name></author>
	</entry>
</feed>