Scrutiny over Smart Contracts arose once again. On April 23rd, PeckShield, a blockchain security startup,discovered a new batchOverflow bug in multiple ERC-20 Smart Contracts and quickly alerted the public. Unusual SMT and BEC token transactions happened at about 03:28:52 AM UTC, according to PeckShield. The bug which effected the Ethereum smart contracts let malicious attackers create and receive large values of the batchOverflow-affected tokens.
Immediately after the incident took place, Huobi Pro, a decentralized exchange network established in 2013, blocked all tokens from deposits and withdrawals to keep users funds safe and away from attacks. Upon further evaluation, Huobi Pro allowed the deposits and withdrawals of non ERC-20 Tokens until the issue was resolved and opened the floors to usual activity including ERC-20 Tokens as well. The actions taken by the exchanges show determination and speed when it comes to user’s funds and protection.
OKEx, another popular exchange, said on April 24ththat it was rolling back trades on the BeautyChain Token. OKEx also announced that in light of the bug, it was suspending the deposits and withdrawals of a project called SmartMesh due to “abnormal trading activities.” Poloniex also came down hard on ERC-20 Tokens due to the batchOverflow bug. Huobi Pro released a statement on the day of the incident which read, [Huobi Pro] “has recovered the deposit and withdrawal of non-ERC20 tokens,” also siting that, “the safety of our users’ wallets are our top priority. We apologize for any inconvenience caused during this period.”
Many came to twitter to voice their concerns as well. A number of tweeters quoted the transfer of 65,133,050,195,990,400,000,000,000,000,000,000,000,000,000,000,000,000,000,000.891004451135422463 Smartmesh tokens (SMT) worth approximately $5,712,591,867,014,630,000,000,000,000,000,000,000,000,000,000,000,000,000,000.00 to the attacker’s address. This is what the transaction looked like:
Unfortunately, some of those tokens were sold, but hacker’s accounts on exchanges are now frozen and kept away from the malicious attackers. A technical breakdown of the proxyOverlow exploit can be seen here:
In all, it is very important and in fact necessary to create an account with a reputable and trustworthy exchange such as Coinbase and Huobi. Also, another important precautionary step to take is to keep your tokens in hardware wallets such as on the Nano S or Trezor. This keeps your investments away from others trying to gain illegal access or cause you any harm. Again, reputation, safety and security is everything. We want to maintain a better and safer ecosystem for all of us and keep attackers as far away as possible.
You may be interested
Opinion | What is a Security Token Offering (STO) and Why You Need an AdvisorBrian Evans - Oct 08, 2018
About the Author: Jaron Lukasiewicz is the CEO and founder of Influential Capital. Jaron has been an executive in the industry since 2012, previously serving as CEO of Coinsetter, one…
World Economic Forum: Blockchains improve Global EconomyBrian Evans - Oct 08, 2018
Beginning as a technology for financial ledgers only, blockchains have grown to become the corporate hype word around the globe. It’s touted as the invention that will…
‘Rehypothecation’: More about the Wall Street Practice that Could Ruin BitcoinBrian Evans - Oct 08, 2018
Note: This is part 4 in a multi-part article series exploring rehypothecation and commingling in bitcoin and other cryptocurrency markets. Part 1 and part 2 are interviews…