NCD Token Contract Vulnerability
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Isn't it nice when large multinational entities supposedly launch a token? Such is the claim of the NCD token, representing National Children's Day, which also claimed affiliation with UNICEF and IDWF, and that funds would be used to help impoverished children. After a breach worth approximately $20,000, there doesn't appear to be any sort of announcement. Hopefully the hacker was an impoverished child.[1][2][3][4][5][6][7][8][9]
About NCD Token
"NCD (International Children’s Day Token) is an innovative blockchain project launched based on Binance Smart Chain (BSC)."
"The International Children's Day on June 1st every year is a festival dedicated to the happiness and well -being of children in the world. This year is this important festival 75th anniversary. To commemorate this milestone, IDWF and UNICEF cooperated to launch NCD tokens, which is a reflection of children's blessings. Digital assets of Lihe Global Unity."
"The NCD token project represents the unique and meaningful knot of blockchain technology and charity donations. combine. By using the power of decentralized finance, we aim to create a transparent and high Effective and influential ecosystems support children around the world. With our partner and Together with the global community, we are committed to the lasting life of poor children."
"NCD (International Children's Day tokens) is an innovative blockchain project, based on Binance smart chain (BSC) launched, aiming to celebrate the 75th anniversary of the International Children's Day. The project is by the International Democratic Women's Federation (IDWF) and the United Nations Children's Foundation (UNICEF), which aims to put modern decentralized finance (DEFI) Integrate into the International Children's Charity Fund to establish a global network ecology around children's welfare system. The issuance of 610 million NCD tokens marks the beginning of this transformation plan and aims to support poverty Children, promote social benefits and benefit humanity."
The Reality
The claimed affiliations with UNICEF and IDWF are highly questionable. There is no indication that the smart contract has been audited externally.
What Happened
"NCD on BNBChain was attacked, resulting in a loss of approximately $20,000."
| Date | Event | Description |
|---|---|---|
| May 26th, 2024 12:54:00 AM MDT | Twitter Announcement | The upcoming launch date of June 1st is announced on Twitter. |
| June 1st, 2024 5:23:07 AM MDT | Smart Contract Created | The NCD smart contract is created. |
| June 1st, 2024 10:40:00 PM MDT | Twitter Announcement | The National Children's Day token launch is announced on Twitter. |
| June 3rd, 2024 6:31:36 AM MDT | Attack Transaction Happens | The suspicious transaction is recordded on the blockchain. |
| June 3rd, 2024 8:41:00 PM MDT | SlowMist Tweet | SlowMist tweets about the suspicious transaction. |
| June 4th, 2024 12:33:00 AM MDT | ChainAegis Analysis | ChainAegis publishes an analysis including identifying the owner of the token and blockchain transaction. |
| June 4th, 2024 7:09:00 AM MDT | Nicholas Forensics Tweet | A tweet by Nicholas Forensics recognizes an issue. |
Technical Details
Transaction: 0xa6ab1aaccb51485124abe26c4ddcf17c308277b77cc2064f028f1cff54f8893a
Total Amount Lost
"According to monitoring by the SlowMist security team, NCD on BNBChain was attacked, resulting in a loss of approximately $20,000."
"$NCD of @LauraAg89542328 on #BNBChain was attacked, lost ~$20,000."
The total amount lost has been estimated at $20,000 USD.
Immediate Reactions
"According to monitoring by the SlowMist security team, NCD on BNBChain was attacked, resulting in a loss of approximately $20,000."
"$NCD of @LauraAg89542328 on #BNBChain was attacked, lost ~$20,000."
Ultimate Outcome
Situation was not even mentioned by the team.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Accessed Jun 18, 2024)
- ↑ @SlowMist_Team Twitter (Accessed Jun 18, 2024)
- ↑ NCD | Address 0x9601313572ecd84b6b42dbc3e47bc54f8177558e | BscScan (Accessed Jun 18, 2024)
- ↑ @villahacker001 Twitter (Accessed Jun 18, 2024)
- ↑ BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Accessed Jun 18, 2024)
- ↑ @ChainAegis Twitter (Accessed Jun 18, 2024)
- ↑ @LauraAg89542328 Twitter (Accessed Jun 18, 2024)
- ↑ NCD (Accessed Jun 18, 2024)
- ↑ @LauraAg89542328 Twitter (Accessed Jun 18, 2024)