Back to all stories
Incident Analysis
Slippery Rug: The Uncontrolled Launch of Smashcash
Slippery Rug: The Uncontrolled Launch of Smashcash

Project name: Smashcash

Project type: Token

Date of exploit: Feb 13, 2023

Asset loss: ~45.6 BNB

Vulnerability: Initial Token Distribution

Date of audit report publishing: Dec 30, 2021

Conclusion: In Scope

Details of the Exploit


Smashcash is an ERC-20 token contract deployed on Binance Smart Chain.

Nature of the Vulnerability

  • While the token contract deployment, the Smashcash distributed the token as follows:

Screenshot 2024-01-08 at 5.40.31 AM Screenshot 2024-01-08 at 5.40.55 AM

CertiK Audit Overview

Screenshot 2024-01-08 at 5.44.01 AM


On Feb 13, 2023, Smashcash was reported with a potential rug pull implanted within the initial token distribution, where the wallets that received the initial distribution sold the tokens for ~45.6 BNB. The vulnerability is related to the initial token distribution that the project controlled most of the tokens and can be sold without restriction.


Deployment address: 0x3d0e93bfcb8fb46331ea8c98b6ab8c575ab424c3