Scrutiny over Smart Contracts arose once again. On April 23rd, PeckShield, a blockchain security startup,discovered a new batchOverflow bug in multiple ERC-20 Smart Contracts and quickly alerted the public. Unusual SMT and BEC token transactions happened at about 03:28:52 AM UTC, according to PeckShield. The bug which effected the Ethereum smart contracts let malicious attackers create and receive large values of the batchOverflow-affected tokens.
Immediately after the incident took place, Huobi Pro, a decentralized exchange network established in 2013, blocked all tokens from deposits and withdrawals to keep users funds safe and away from attacks. Upon further evaluation, Huobi Pro allowed the deposits and withdrawals of non ERC-20 Tokens until the issue was resolved and opened the floors to usual activity including ERC-20 Tokens as well. The actions taken by the exchanges show determination and speed when it comes to user’s funds and protection.
OKEx, another popular exchange, said on April 24ththat it was rolling back trades on the BeautyChain Token. OKEx also announced that in light of the bug, it was suspending the deposits and withdrawals of a project called SmartMesh due to “abnormal trading activities.” Poloniex also came down hard on ERC-20 Tokens due to the batchOverflow bug. Huobi Pro released a statement on the day of the incident which read, [Huobi Pro] “has recovered the deposit and withdrawal of non-ERC20 tokens,” also siting that, “the safety of our users’ wallets are our top priority. We apologize for any inconvenience caused during this period.”
Many came to twitter to voice their concerns as well. A number of tweeters quoted the transfer of 65,133,050,195,990,400,000,000,000,000,000,000,000,000,000,000,000,000,000,000.891004451135422463 Smartmesh tokens (SMT) worth approximately $5,712,591,867,014,630,000,000,000,000,000,000,000,000,000,000,000,000,000,000.00 to the attacker’s address. This is what the transaction looked like:
Unfortunately, some of those tokens were sold, but hacker’s accounts on exchanges are now frozen and kept away from the malicious attackers. A technical breakdown of the proxyOverlow exploit can be seen here:
In all, it is very important and in fact necessary to create an account with a reputable and trustworthy exchange such as Coinbase and Huobi. Also, another important precautionary step to take is to keep your tokens in hardware wallets such as on the Nano S or Trezor. This keeps your investments away from others trying to gain illegal access or cause you any harm. Again, reputation, safety and security is everything. We want to maintain a better and safer ecosystem for all of us and keep attackers as far away as possible.
via The Merkle https://themerkle.com
May 16, 2018 at 06:10PM
Speed up your bitcoin transactions at SpdyBit.io