Skip to main content

Over $1 Billion Ethereum-Based Tokens Vulnerable to ‘Fake Deposit Exploit’

Over $1 Billion in Ethereum-Based Tokens Vulnerable to 'Fake Deposit Exploit'

A number of university researchers published a study that demystifies the “fake deposit vulnerability” in Ethereum-based smart contracts. The findings show that over 7,000 tokens worth more than $1 billion built on top of Ethereum are vulnerable to two types of attacks that exploit smart contracts.

Researchers from the University of Queensland, Beijing University of Posts and Telecommunications, Zhejiang University, and Peking University have published a paper that describes a vulnerability held by over 7,000 Ethereum-based tokens.

Essentially, the tokens created have verification methods that are subpar to ERC20 contracts released after 2017. The vulnerability allows the token’s codebase to be manipulated and hackers can easily steal millions of dollars by executing the “fake deposit vulnerability.”

What is worse is that there are more than 25 million smart contracts built using the Ethereum network and the researchers say only “0.36% of them have released their source code according to our dataset.”

Moreover, the paper discusses that the tokens are vulnerable on both decentralized exchanges (dex) and centralized exchanges (cex) because they allow these coins to be swapped “without comprehensive verification.”

The team of researchers leveraged a tool called “Deposafe,” which allows the testing of a large number of ETH-based smart contracts.

“In this work, we have systematically characterized the fake deposit vulnerability in Ethereum. Deposafe, an automated tool is proposed to perform the detection and verification of the vulnerability,” the paper states.

“We demonstrate the efficiency of Deposafe with experiments on a large number of smart contracts. Our observations reveal the prevalence of fake deposit vulnerability in the ERC20 smart contracts,” the university’s scholars wrote.

The investigators found that 7,735 tokens can be influenced by the fake deposit vulnerability using a “Type-I attack.” While “7,716 tokens that are vulnerable to “Type-II attack” with a market cap of over $1 billion.

“The number of holders and transactions would be 695K and 4.6 million respectively,” the paper stresses.

The paper also identifies the dexes that have high active trading on a daily basis and could suffer from the fake deposit attack. Dex platforms listed in the researcher’s paper include Ether Delta, DDEX, and IDEX.

Centralized exchanges (cex) that fall victim to the fake deposit attack could lose substantial amounts of funds.

“If a cex allows these tokens to be traded without comprehensive verification, the financial loss will be tremendous,” the paper highlights.

The authors of the report say that the efforts they have provided can “contribute to bring developer awareness” and hopefully “promote best operational practices across blockchains.”

The listed cex platforms mentioned in the researcher’s study include companies like Kraken, Binance, and Coinbase. ERC20s who are allegedly vulnerable to the fake deposit exploit include BRC token, PWR token, BAT, HPT token, Cloudbric, RPL token, Moviecredits, and more.

What do you think about the fake deposit attack? Let us know what you think about this subject in the comments section below.

The post Over $1 Billion Ethereum-Based Tokens Vulnerable to ‘Fake Deposit Exploit’ appeared first on Bitcoin News.



from Bitcoin News https://ift.tt/31AG39X

Comments

Popular posts from this blog

Deep Web Roundup: Dream Adds Monero and Bitcoin Tumbler “Chip Mixer” Launches

The darknet has been quiet of late, which is the way it’s meant to be. No news means no mega busts, honeypots, or mass market shutdowns. Even when it’s out of the spotlight though, the deep web is quietly making news, whether trialling the latest privacy coins or the newest coin mixers that promise to restore a little of the privacy that’s being stripped away from bitcoin users on a daily basis. Also read: U.S. Agency ICE Conducts Investigations That Exploit Blockchain Activity The Battle for Privacy Heats Up Privacy is all relative, but of late there’s been relatively little privacy to be enjoyed by bitcoin users. Blockchain monitoring software is becoming more sophisticated and more common, with U.S. law enforcement agencies using it to profile and hunt down deep web users. Chip Mixer is a relatively new bitcoin tumbler that’s designed to restore some of that privacy. Available on both the clearnet and darknet, the service uses a variety of techniques to obfuscate blockchain m

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli

Ombudsman Receives Complaints About Crypto Investments in Spain

The Spanish ombudsman has been receiving complaints about cryptocurrency and how some Spanish citizens investing in these vehicles have lost everything. In his annual report, Angel Gabilondo recognized the rise of cryptocurrencies as a new problem due to the little or no regulation crypto sees in the country. In the same way, the EU has also warned about these assets recently. Spanish Ombudsman Gives His Take on Crypto Angel Gabilondo, the Spanish ombudsman, has given his take regarding cryptocurrencies and the effects they have on citizens investing in some of these projects. Gabilondo said in his yearly report that cryptocurrencies have become “a new problem” during the year examined, with many people having lost all of their funds invested. The report states : Cryptocurrency exchange companies or platforms are not regulated in the legal system, are not subject to any public supervision system, nor do they benefit from deposit guarantee systems. The affected users that sought