Crypto exchanges suspended deposits & withdrawals of some ERC-20 tokens due to a bug: SmartMesh and BeautyChain are among those affected.

in cryptocurrency •  7 years ago 

On 25/04/2018 another alarm rang in the crypto world as many prominent exchanges such as HitBTC, Poloniex, OKEx, Quoine and others suspended deposits and transfers of all ERC-20 tokens, citing a bug in the smart contracts’ code.

Among the first to act was Huobi.pro, which suspended deposits and withdrawals of all coins as early as 24/04. The total suspension didn’t last long: deposits and transfers of all non-ERC20 tokens resumed a couple of hours later.

The bug was actually identified as early as April 22 by PeckShield, a blockchain security firm. PeckShield identified a so-called “batchOverflow bug” in multiple Ethereum-based ERC-20 smart contracts, where the function “batchTransfer” is the vulnerable point. On their website, the PeckShield team explains how this bug allows attackers to create and send an unlimited amount of tokens! They also stated that this “is essentially a classic integer overflow issue”, adding that the "batchTransfer" function is not part of the token standard for Ethereum-based tokens, meaning that not all ERC-20 tokens have been affected.


Here are the lines of code responsible for the bug.
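The integer overflow class described above, modelled in Python as an added example (not the affected contracts' source and not PeckShield's code): a batch transfer that multiplies the receiver count by the value in unchecked 256-bit arithmetic, next to a checked version, with a supply-conservation check an auditor can assert on. The function names, the ledger and the values are constructed for illustration.

```python
# Added illustration: a model of uint256 batch-transfer arithmetic.
# All names and values are constructed; this is not the affected contracts' code.
UINT256_MAX = 2**256 - 1

def mul_wrapping(a, b):
    """Unchecked multiply: keeps only the low 256 bits of the product."""
    return (a * b) & UINT256_MAX

def mul_checked(a, b):
    """Checked multiply: refuses a product that does not fit in uint256."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product

def batch_transfer(balances, sender, receivers, value, mul):
    """Debit sender by count * value, then credit each receiver with value."""
    count = len(receivers)
    if count == 0 or value == 0:
        raise ValueError("nothing to transfer")
    total = mul(count, value)              # overflow-prone step
    if balances.get(sender, 0) < total:    # compares against a possibly wrapped total
        raise ValueError("insufficient balance")
    balances[sender] -= total
    for receiver in receivers:
        balances[receiver] = balances.get(receiver, 0) + value
    return total

def supply_change(mul, value, sender_balance=10):
    """Run one two-receiver batch; return (outcome, change in total supply)."""
    balances = {"sender": sender_balance, "r1": 0, "r2": 0}  # constructed ledger
    before = sum(balances.values())
    try:
        batch_transfer(balances, "sender", ["r1", "r2"], value, mul)
        outcome = "accepted"
    except (OverflowError, ValueError) as exc:
        outcome = "rejected: " + type(exc).__name__
    # A correct transfer only moves tokens, so this difference must be 0.
    return outcome, sum(balances.values()) - before

if __name__ == "__main__":
    for label, mul in (("unchecked", mul_wrapping), ("checked", mul_checked)):
        for value in (3, 2**255):   # 2 * 2**255 == 2**256, which wraps to 0
            print(label, value.bit_length(), supply_change(mul, value))
```

A non-zero supply change on an accepted transfer is the invariant violation to look for when auditing a batch function; the checked multiply rejects the batch before any balance is touched.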

BeautyChain (BEC) has been identified as the first affected token thanks to a suspiciously huge transaction analyzed by PeckShield, which amounted to almost 57.9 * 10^57 BEC tokens.


The suspicious huge transaction.

On April 25 another report by PeckShield came out. This time the unusual transactions affected SmartMesh tokens (SMT), and the attack pattern was the same. Both BeautyChain and SmartMesh acknowledged the issue and are taking steps to prevent further problems.


Here’s the SmartMesh crazy transaction amount.

As of 26/04 some of the exchanges have already lifted almost all of the limitations on deposits & withdrawals of ERC-20 Tokens:

Here is what PeckShield writes on its website about this kind of bug:

“With the touted “code-is-law” principle in Ethereum blockchain, there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts! A proper way to recover from these vulnerabilities and devastating effects requires coordination and support from all eco-system members, especially digital asset exchanges.
In the meantime, we cannot over-emphasize the importance of performing a thorough and comprehensive audit of smart contracts before deployment”

PeckShield has also provided a list of other affected tokens:


Hey @andreaforcrypto, the markets are pretty crazy right now. Crypto is back to a weird space but I know long term it's still what we're all hoping it will be! Cheers

Yes, I am very bullish about bitcoin and crypto, especially in 2018 :)

Be advised @andreaforcrypto

The comment from @exxodus has been identified as being copy/pasted comment spam intended to trick their targets into upvoting them. Please, refrain from doing so. They have been reported to @steemcleaners and we are giving users a heads-up.
We have identified 234 comments identified as having a 75% similarity. If there were rewards on the spam, I have used up to a full weight downvote to neutralize them! Please, feel free to contact @anthonyadavisii if you have any questions about this process.