$1B Ethereum tokens at risk of fake deposit attack

As much as $1 billion worth of Ethereum tokens are at risk from attack because they are missing a software standard released back in 2017, increasing the likelihood of loss from exchange hacks.

According to new research, the tokens are vulnerable to the so-called fake deposit attack with 7,772 issuers of ERC-20 tokens identified as being susceptible to the exploit.

The research, conducted by Peking University, Beijing University of Posts and Telecommunications, Zhejiang University and the University of Queensland, found that due to the flaw in transaction verification methods, the tokens were liable to being stolen at nearly no cost through a simple manipulation of smart contract code.

Haoyu Wang an associate professor of computer science at Beijing University of Posts and Telecommunications said in the worst case scenario an attack of this kind could require the tokens to be reissued noting that this would be a “great disaster” for the token.

Smart contracts on hobby platform Ethereum are permanent, so the vulnerability is one which leaves digital currency exchanges on the hook for fixing the problem. While the exchanges can blacklist token contracts deemed malicious, the research anticipates this would be a significant problem for exchanges to rectify.

The exploit works by allowing hackers to transfer a single Ethereum token while specifying an amount of tokens to send to a separate exchange account controlled by the hackers. Known as ‘transaction duping,’ the discrepancy between token standards allows for hackers to effectively use the exploit to siphon off Ethereum tokens beyond those to which they should have access.

The vulnerability will be a significant cause for concern for exchanges and Ethereum users, raising questions about further exploits which could jeopardize security on the network.

At a time of increase fraud and hacking attacks, the findings will raise further questions about the technology behind Ethereum.

Source: Read Full Article