Solana · Smart Contract Security · Updated Jun 09, 2026

Is Bitcoin Bank Safe? BTCBANK

On-chain security analysis — is it a scam or legit?

Contract 9s96g1…pump DexScreener ↗
Critical Risk
Volume 24h
$220.2K
Liquidity
$56.8K
Price
$0.0004337
Token Age
15d
Top 10 Holders
0.0%

Security Checklist

2/5 checks passed
Contract VerifiedFail
Ownership RenouncedFail
No Mint FunctionPass
Liquidity LockedFail
Not a ProxyPass

Security Analysis

The Bitcoin Bank (BTCBANK) SPL Token Mint exhibits a critical vulnerability: it is currently uninitialized despite having active trading and liquidity. This state allows any malicious actor to initialize the mint, define its properties (decimals, supply, authorities), and potentially mint tokens to themselves, leading to a complete loss of value for current holders. While mint and freeze authorities are reported as revoked, this status is irrelevant for an uninitialized account. Immediate action is required to address this fundamental flaw.

The Bitcoin Bank (BTCBANK) SPL Token Mint is in a critically vulnerable state due to being uninitialized while having active trading. This poses an immediate and severe risk to all holders and liquidity providers. It is imperative that the legitimate project team immediately initializes the mint with correct parameters and then revokes all authorities to prevent malicious exploitation. Failure to do so will result in a complete loss of value for token holders. For future token deployments, consider using a 'Premium Deploy' service to ensure all token accounts are correctly initialized and configured from inception, preventing such fundamental vulnerabilities.

Audit Summary

The Bitcoin Bank (BTCBANK) SPL Token Mint exhibits a critical vulnerability: it is currently uninitialized despite having active trading and liquidity. This state allows any malicious actor to initialize the mint, define its properties (decimals, supply, authorities), and potentially mint tokens to themselves, leading to a complete loss of value for current holders. While mint and freeze authorities are reported as revoked, this status is irrelevant for an uninitialized account. Immediate action is required to address this fundamental flaw.

Final Recommendation: The Bitcoin Bank (BTCBANK) SPL Token Mint is in a critically vulnerable state due to being uninitialized while having active trading. This poses an immediate and severe risk to all holders and liquidity providers. It is imperative that the legitimate project team immediately initializes the mint with correct parameters and then revokes all authorities to prevent malicious exploitation. Failure to do so will result in a complete loss of value for token holders. For future token deployments, consider using a 'Premium Deploy' service to ensure all token accounts are correctly initialized and configured from inception, preventing such fundamental vulnerabilities.

Category Ratings

TechnicalHigh
6/10

7.1 Architecture & 7.2 Code Security: The SPL Token Mint for Bitcoin Bank (BTCBANK) is in an uninitialized state, which is a critical architectural flaw. This means core properties like decimals and supply are not set, making the token highly vulnerable to exploitation. 7.3 Access Control: While

GovernanceHigh
6/10

7.4 Economic: The token exhibits active trading with $29,272 in liquidity and $72,557 in 24h volume over 17 days. However, the uninitialized state of the mint introduces extreme economic risk, as the token's fundamental value can be destroyed by an attacker initializing the mint. 7.5 Governance

UpgradesLow
6/10

7.7 Upgrades: SPL Token Mint accounts are data structures managed by the SPL Token Program and do not possess direct upgradeability. Changes to the token's fundamental properties (like decimals or supply) are not possible once initialized and authorities are revoked. However, the current uninit

Security Findings

4 total
1 Critical 1 High 1 Medium 1 Info
C-01CriticalUnresolved

Uninitialized SPL Token Mint with Active Trading

The SPL Token Mint account for Bitcoin Bank (BTCBANK) is currently uninitialized (`Initialized: False`) despite having active liquidity ($29,272) and trading volume ($72,557). An uninitialized mint account means its core properties, such as decimals, total supply, and mint/freeze authorities, have not been set. Any actor can send an `InitializeMint` instruction to this account, defining these critical parameters. This allows a malicious actor to initialize the mint with arbitrary decimals (e.g., 0 decimals to make all tokens indivisible), set a new mint authority to themselves, and then mint an unlimited supply of tokens, effectively draining liquidity pools and rendering existing tokens wo…

Recommendation: The legitimate project team must immediately initialize the SPL Token Mint with the intended decimals and supply. After initialization, it is strongly recommended to revoke both the mint and freeze authorities to prevent any further token issuance or freezing, ensuring a fixed supply and decentralized control.
H-01HighUnresolved

Undefined Token Properties (Supply and Decimals)

Due to the uninitialized state of the SPL Token Mint, the token's total supply and decimal precision are currently undefined (`Supply (raw): unknown`, `Decimals: unknown`). This creates significant uncertainty and risk for token holders and liquidity providers, as the fundamental characteristics of the token can be arbitrarily set by the first entity to initialize the mint. This directly impacts the token's divisibility and potential for dilution.

Recommendation: As part of the mint initialization process, ensure that the token's decimals are set to an appropriate value (e.g., 6 or 9 for standard tokens) and that the initial supply is clearly defined and understood by the community. Transparency regarding these properties is crucial for investor confidence.
M-01MediumUnresolved

Misleading Authority Revocation Status for Uninitialized Mint

The audit reports indicate that both the Mint Authority and Freeze Authority are `revoked (None)`. While revocation is generally a positive security measure for established tokens, this status is misleading and provides a false sense of security for an uninitialized mint. Since the mint is uninitialized, these authorities have not yet been set, and therefore cannot be truly 'revoked.' Any actor initializing the mint can assign these authorities to an address of their choosing, negating the perceived security benefit.

Recommendation: Understand that authority revocation is only meaningful *after* a mint has been properly initialized and the authorities have been explicitly set and then revoked. Prioritize the immediate initialization of the mint. Once initialized, if a fixed supply and immutable state are desired, ensure authorities are explicitly set to `None` (revoked) as a separate step.
I-01InformationalUnresolved

Incomplete External Security Signal Data

External security signals from GoPlus Solana data and RugCheck are unavailable. This limits the comprehensive assessment of the token's broader ecosystem risk, such as potential rug pull indicators or contract security scores provided by these third-party services.

Recommendation: While not a direct vulnerability of the token itself, it is recommended to monitor these external security platforms if data becomes available in the future. For projects, ensuring visibility and data availability on such platforms can enhance transparency and trust.

Frequently Asked Questions

Is Bitcoin Bank a scam?

Based on the available data, Bitcoin Bank (BTCBANK) exhibits several high-risk characteristics commonly associated with potential scams. The contract is unverified, ownership is not renounced, and liquidity is unlocked. These elements allow developers complete control over the token's future, including the ability to remove liquidity and potentially render tokens worthless, making it highly susceptible to a "rug pull."

Is Bitcoin Bank safe to buy?

Given its high-risk score of 70/100, Bitcoin Bank (BTCBANK) is not considered safe for investment. Key risk factors include an unverified contract, unrenounced ownership, and unlocked liquidity. These conditions expose investors to significant vulnerabilities such as potential contract manipulation, token supply inflation, and the complete withdrawal of liquidity, leading to substantial financial loss.

Has Bitcoin Bank been audited?

There is no indication that Bitcoin Bank (BTCBANK) has undergone a formal security audit. Crucially, its contract remains unverified, meaning the underlying code is not publicly available for review by auditors or the community. Without contract verification, a comprehensive security audit is impossible, leaving potential vulnerabilities undetected and unaddressed.

Would You Like a More Detailed Audit of Bitcoin Bank?

Our AI-powered scanner gives you a deeper, real-time smart contract analysis — free, no signup required.

Get Detailed Audit
Run Free Audit →