Recent suspension of ERC-20 tokens by exchanges (at least Okex, Huobi, Changelly, HitBTC and reportedly others) draws attention to bad coding inside smart contract tokens.
In such environment it may prove useful to develop (or understand and use) a system as outlined in this post by PeckShield.
System scans token transfers and send alerts of suspicious transactions. With that filter one can then attentively look into the potentially bugged contract.