KRC Smart Contract Deflationary Mechanism Burn Exploit
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
An attacker exploited a vulnerability in the KRC smart contract on Binance Smart Chain by bypassing `transfer()` restrictions to burn tokens from the liquidity pair during sell swaps, ultimately profiting $37.1k in USDT through a deflationary mechanism, with no response or recovery efforts confirmed as of now.[1][2][3][4][5][6][7][8]
About KRC
The KRC smart contract on the Binance Smart Chain was launched on May 22nd.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
An attacker exploited a vulnerability in the KRC smart contract to burn tokens during sell swaps and gain $37.1k in USDT.
| Date | Event | Description |
|---|---|---|
| May 22nd, 2025 7:56:24 AM MDT | KRC Token Smart Contract Launched | The KRC token smart contract is launched on the Binance Smart Chain. |
| May 23rd, 2025 4:13:45 PM MDT | Malicious Smart Contract Launched | The attacker launches a malicious smart contract in preparation for the attack against the KRC token. |
| May 23rd, 2025 4:18:03 PM MDT | First Suspicious Attack Transaction | First suspicious attack transaction against the KRC smart contract is exploited on Binance Smart Chain. |
| May 23rd, 2025 4:19:15 PM MDT | Second Suspicious Attack Transaction | Second suspicious attack transaction against the KRC smart contract is exploited on Binance Smart Chain. |
| May 23rd, 2025 8:27:00 PM MDT | TenArmor Posts Announcement | TenArmor posts an announcement that they have detected the suspicious transaction on the KRC token. |
Technical Details
TenArmor reports that the attack reportedly occurred because the attacker was able to bypass the restrictions in the `transfer()` function and burned KRC tokens from the liquidity pair during each sell swap. As a result, they ultimately received more USDT due to the deflationary burning mechanism.
Total Amount Lost
The loss total was reported by TenArmor as $37.1k.
The total amount lost has been estimated at $37,000 USD.
Immediate Reactions
It's unclear whether or not the project has ever responded to the attack.
Ultimate Outcome
The incident was reported on by TenArmor.
Total Amount Recovered
There is no indication that any funds have yet been recovered.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
It's unclear if there is any investigation undergoing or potential recovery which may be possible.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ TenArmor - "Our system has detected a suspicious attack involving #KRC token on #BSC, resulting in an approximately loss of $37.1 K. It appears that the attacker bypassed the restrictions in the transfer() function and burned KRC tokens from the pair in every sell swap, finally got more USDT due to the deflationary burning mechanism." - Twitter/X (Accessed Jul 31, 2025)
- ↑ First Suspicious Transaction Against KRC - BSCScan (Accessed Jul 31, 2025)
- ↑ Second Suspicious Transaction Against KRC - BSCScan (Accessed Jul 31, 2025)
- ↑ KRC Exploiter Address - BSCScan (Accessed Jul 31, 2025)
- ↑ Malicious Contract By KRC Exploiter - BSCScan (Accessed Jul 31, 2025)
- ↑ Malicious Contract Created By KRC Exploiter - BSCScan (Accessed Jul 31, 2025)
- ↑ KRC Token Address - BSCScan (Accessed Jul 31, 2025)
- ↑ KRC Token Creation Transaction - BSCScan (Accessed Jul 31, 2025)