Summary
BTC24H is an ERC-20 token and associated DAO platform launched on Polygon in late 2024, marketed as a mechanism for continuous Bitcoin distribution through high-yield daily payouts. The platform's Lock contract suffered a critical access-control vulnerability in December 2024 that allowed any caller to drain tokens, resulting in an estimated $85,700 loss. Multiple independent scam-detection services rate associated BTC24H web domains as high-risk or outright malicious, and the project's tokenomics — 5% daily returns for 30 days via a multi-level referral structure — exhibit structural characteristics consistent with unsustainable high-yield investment programs.
Connected Entities
1 entitiesTimeline(5 events)
2024-11-01
Domain bitcoin24h.net registered (approximate, based on Scamadviser analysis noting November 2024 registration date).
2024-12-01
BTC24H token (0xbcde600B) deployed on Polygon PoS; Uniswap v3 liquidity pools created with near-zero liquidity.
2024-12-16
BTC24H Lock contract on Polygon exploited via missing eligibility check in the 'claim' function; estimated loss of $85,700. Exploit transaction: 0x554c9e4067e3bc0201ba06fc2cfeeacd178d7dd9c69f9b211bc661bb11296fde.
2024-12-17
SlowMist Weekly Security Report documents the BTC24H Polygon exploit. Security monitors @TenArmorAlert, @0xCommitAudits, and @IncentiveFi flag the suspicious activity.
2025-01-27
Quadriga Initiative publishes case study formally documenting the BTC24H claim system contract missing eligibility check, classifying the loss at approximately $86,000.
Decision Log
- hash: 4BPFJFqCK2h81anxiEyjwnE75EEjZ3df4zRUtVA7VHPf
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:26 AM
last updated: 5/30/2026, 4:56:42 AM
avoid.net — verified advice for a post-truth world