Analysis: TronBank 26.73 million TRX was stolen, or because of the back door of TRX Pro in the main network contract

On May 4th, DappReview issued a document saying that at 4:12 am on May 3, Beijing time, a magical contract call transferred the 26.73 million TRX (worth 4.27 million RMB) in the TronBank contract, and the contract balance was zero. About 2 hours after the theft occurred, the owner of the 26.73 million TRX address THeRTT** was set up and wojak appeared. According to Wojak, he wrote a script to analyze the wavecode of the wavefield virtual machine, scan the contract in batches and initiate a transaction to see if there is any way to make money. As a result, he accidentally hit the Tronbank contract. At first he didn't even know that the money was from Tronbank. Some people in the community suggested that wojak return the money to the Tronbank developer, and wojak thinks this is not his problem. Developers should write their own test cases, do audits, and at least run some formal verifications (obviously they are not doing anything). He is willing to return the money to every investor in Tronbank, not the developer of the project. According to the existing information, it is still too early to conclude that “the developer is placing the back door in the contract”. The objective conclusions that can be drawn at present are only two points: 1. TRX Pro has a back door in the contract of the main network; 2. The code certified on the TSC does not match the actual contract run logic.