Bankroll Network Legacy Contract Unlimited Permissions Drain

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

The Bankroll Network, a decentralized finance project on BSC and ETH blockchains, suffered a security breach due to vulnerabilities in its old smart contracts. These contracts had unlimited token approvals, allowing an attacker to drain user wallets still connected to them. Despite the project's inactivity since February 2022, some users kept their wallets connected to the smart contract. The attack resulted in a loss of approximately $65,000, according to TenArmorAlert. Multiple security firms flagged the issue, but there has been no response from the Bankroll team, no recovery efforts, and no ongoing investigation.[1][2][3][4][5][6][7][8][9][10][11][12]

About Bankroll Network

"Bankroll is the best way to HODL and grow your crypto!"

"Bankroll is a premiere decentralized finance network on TRON. It implements a voluntary, sustainable, and permissionless global economic engine. Through a network of financial contracts the platform provides rewards in TRX, BNKRX, and BNKR. Bankroll... play to win!!!"

"Bankroll is a premiere decentralized finance network on the TRON blockchain. It implements a voluntary, sustainable, and permissionless economic global engine. Through a network of financial contracts the platform provides rewards in TRX, BNKR, BNKRX, and BTT. Bankroll… play and win!!! Bankroll simply put is a decentralized community bank. As a financial mutual organization; Bankroll holds a native store of value tied to TRON. These tokens are BNKR and BNKRX. BNKR is our digital cash and is more liquid than VLT on the Ethereum side of the network. BNKRX is our elastic reward token, which scales to the savings rate of the community. Both tokens are supported by several contracts which mine, exchange, and store value on the network."

Bankroll's Twitter/X account has not had activity since February 2022.

What Happened

The dormant Bankroll Network smart contracts on BSC and ETH were exploited. Users' unlimited token approvals to these old contracts were still in place, so wallets that had never revoked them could be drained.

Key Event Timeline - Bankroll Network Legacy Contract Unlimited Permissions Drain

| Date | Event | Description |
|---|---|---|
| February 10th, 2022 1:52:00 PM MST | Last Tweet By Bankroll | The last tweet showing up on Twitter/X in the Bankroll_Status Twitter/X account. |
| June 18th, 2025 4:28:59 PM MDT | Attack On Ethereum Blockchain | An attack transaction on the Ethereum blockchain, reported by TenArmor and BlockAid. |
| June 18th, 2025 6:04:28 PM MDT | Earliest BSC Exploit Transaction | A transaction associated with the attack, reported by TenArmor and GoPlusZH. |
| June 19th, 2025 1:14:50 AM MDT | Bankroll Network Exploited | The transaction which exploits the Bankroll network on BSC, as referenced by SlowMist. |
| June 19th, 2025 2:00:00 AM MDT | SlowMist Security Alert | SlowMist posts a security alert about "suspicious activity" related to Bankroll Status. |
| June 19th, 2025 2:10:00 AM MDT | BlockAid Security Alert | BlockAid reports the BSC transaction and Ethereum transaction, noting that the exploit "allows attackers to drain funds from addresses that have approved this contract", and warning users to "revoke approvals for these contracts ASAP". |
| June 19th, 2025 2:27:21 AM MDT | More BSC Transactions | Another BSC attack transaction happens. |
| June 19th, 2025 2:38:00 AM MDT | TenArmor Security Alert | TenArmor publishes a tweet reporting on the exploit, which includes 3 separate attack transactions on Binance Smart Chain, and one attack transaction on Ethereum. They do not include any detailed analysis of the exploit transactions. |
| June 19th, 2025 2:43:00 AM MDT | GoPlusZH Security Alert | GoPlusZH reports on the Ethereum and first BSC attack transaction. |

Technical Details

The Bankroll Network is an old set of smart contracts to which users had granted unlimited token approvals. The smart contract was exploitable, and multiple wallets that had approved it were still in use and held assets that could be taken.

An unlimited approval lets the approved contract move any amount of the approved token out of the wallet, so a compromised contract can drain every wallet that still has one in place. It is suspected that many users did not realize that their wallets were still hooked up to the vulnerable smart contract.
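
The following is an added example, not code from this case study or from the Bankroll project: it replays standard ERC-20 Approval event logs (in the shape returned by eth_getLogs) to find which wallets still have an unlimited approval open to a given legacy spender. The addresses, the sample logs, and the 2**255 "unlimited" threshold are constructed assumptions.

```python
# Added example: replay ERC-20 Approval logs (eth_getLogs shape) for one spender.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: at or above this counts as "unlimited"

def pad(addr):  # 20-byte address -> 32-byte indexed topic
    return "0x" + "00" * 12 + addr[2:]

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()

def open_allowances(logs, spender):
    """Return {(token, owner): amount} of non-zero approvals last set for spender."""
    state = {}
    position = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=position):
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(t[2]) != spender.lower():
            continue
        key = (log["address"].lower(), topic_to_address(t[1]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = amount   # a later approval overwrites an earlier one
    return state

def unlimited(allowances):
    return sorted(k for k, v in allowances.items() if v >= UNLIMITED_FLOOR)

# Constructed sample data: placeholder addresses, not taken from the incident.
LEGACY, OTHER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "aa" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20
def mk(block, owner, spender, amount, extra=()):
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra],
            "data": "0x" + format(amount, "064x")}
SAMPLE_LOGS = [
    mk(18, BOB, LEGACY, 0),                             # Bob's later revocation
    mk(16, ALICE, LEGACY, MAX_UINT256),
    mk(17, BOB, LEGACY, MAX_UINT256),
    mk(19, CAROL, LEGACY, 1000),                        # bounded approval
    mk(20, ALICE, OTHER, MAX_UINT256),                  # different spender
    mk(21, CAROL, LEGACY, 7, extra=(pad(TOKEN),)),      # 4 topics: NFT-style
]
print(unlimited(open_allowances(SAMPLE_LOGS, LEGACY)))
```

Approval events record only the last amount set; the live allowance can be lower after transfers, so confirm each flagged pair with the token's allowance(owner, spender) call before revoking.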

Total Amount Lost

According to TenArmorAlert, the loss total is $65k.

The total amount lost has been estimated at $65,000 USD.

Immediate Reactions

Numerous security firms appear to have identified and reported on the attacks. Losses were reported as $65k by TenArmor.

Ultimate Outcome

There doesn't appear to be any sign of life from the Bankroll project.

Total Amount Recovered

There is no indication of recovery.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

There is no indication that any further investigation is underway.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist - "SlowMist TI Alert. MistEye has detected potential suspicious activities related to the @Bankroll_Status. As always, stay vigilant!" - Twitter/X (Accessed Jun 23, 2025)
  2. Bankroll Network Stack - BSCScan (Accessed Jun 23, 2025)
  3. Bankroll Network Exploit Transaction - BSCScan (Accessed Jun 23, 2025)
  4. TenArmorAlert - "Our system has detected multiple suspicious attacks involving #BankrollNetworkStack @Bankroll_Status on #BSC #ETH, resulting in an approximately loss of $65K so far." - Twitter/X (Accessed Jun 23, 2025)
  5. Bankroll Network Exploit Transaction - BSCScan (Accessed Jun 23, 2025)
  6. Bankroll Network Exploit Transaction - BSCScan (Accessed Jun 23, 2025)
  7. Bankroll Network Exploit Transaction - Etherscan (Accessed Jun 23, 2025)
  8. BlockAid - "Community alert: Our real-time exploit detection systems have identified an exploit targeting an old @Bankroll_Status contract. This exploit allows attackers to drain funds from addresses that have approved this contract, please revoke approvals for these contracts ASAP" - Twitter/X (Accessed Jun 23, 2025)
  9. GoPlusZH - "Attack transaction example" - Twitter/X (Accessed Jun 23, 2025)
  10. GoPlusZH - "An attack targeting an old version of the on-chain contracts of the decentralized finance network @Bankroll_Status is currently underway. This vulnerability allows attackers to withdraw funds from user addresses that have approved the contract." - Twitter/X (Accessed Jun 23, 2025)
  11. @Bankroll_Status Twitter (Accessed Oct 25, 2024)
  12. Bankroll Network Homepage (Accessed Jun 23, 2025)