Scrutiny over Smart Contracts arose once again. On April 23rd, PeckShield, a blockchain security startup,discovered a new batchOverflow bug in multiple ERC-20 Smart Contracts and quickly alerted the public. Unusual SMT and BEC token transactions happened at about 03:28:52 AM UTC, according to PeckShield. The bug which effected the Ethereum smart contracts let malicious attackers create and receive large values of the batchOverflow-affected tokens.
Immediately after the incident took place, Huobi Pro, a decentralized exchange network established in 2013, blocked all tokens from deposits and withdrawals to keep users funds safe and away from attacks. Upon further evaluation, Huobi Pro allowed the deposits and withdrawals of non ERC-20 Tokens until the issue was resolved and opened the floors to usual activity including ERC-20 Tokens as well. The actions taken by the exchanges show determination and speed when it comes to user’s funds and protection.
OKEx, another popular exchange, said on April 24ththat it was rolling back trades on the BeautyChain Token. OKEx also announced that in light of the bug, it was suspending the deposits and withdrawals of a project called SmartMesh due to “abnormal trading activities.” Poloniex also came down hard on ERC-20 Tokens due to the batchOverflow bug. Huobi Pro released a statement on the day of the incident which read, [Huobi Pro] “has recovered the deposit and withdrawal of non-ERC20 tokens,” also siting that, “the safety of our users’ wallets are our top priority. We apologize for any inconvenience caused during this period.”
Many came to twitter to voice their concerns as well. A number of tweeters quoted the transfer of 65,133,050,195,990,400,000,000,000,000,000,000,000,000,000,000,000,000,000,000.891004451135422463 Smartmesh tokens (SMT) worth approximately $5,712,591,867,014,630,000,000,000,000,000,000,000,000,000,000,000,000,000,000.00 to the attacker’s address. This is what the transaction looked like:
Unfortunately, some of those tokens were sold, but hacker’s accounts on exchanges are now frozen and kept away from the malicious attackers. A technical breakdown of the proxyOverlow exploit can be seen here:
In all, it is very important and in fact necessary to create an account with a reputable and trustworthy exchange such as Coinbase and Huobi. Also, another important precautionary step to take is to keep your tokens in hardware wallets such as on the Nano S or Trezor. This keeps your investments away from others trying to gain illegal access or cause you any harm. Again, reputation, safety and security is everything. We want to maintain a better and safer ecosystem for all of us and keep attackers as far away as possible.
You may be interested
Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: ReportBrian Evans - Jan 18, 2019
New report reveals a cryptojacking virus targeting Linux servers has the ability to disable cloud-based security measures to avoid detection
Overstock’s Patrick Byrne Says tZERO Will Launch Next WeekBrian Evans - Jan 18, 2019
The tZERO security token trading platfrom will go live next week, says Overstock.com CEO Patrick Byrne.
Clever Play? PayPal CEO Offers Help to Workers Hurt by US Government ShutdownBrian Evans - Jan 18, 2019
Dan Schulman, the president and CEO of PayPal, said that the fintech giant would provide federal employees affected by the partial US government shutdown with an interest-free…