Hackers hacked the OKex exchange using smart contracts

The OKEx exchange suspended the withdrawal of BEC tokens and trading due to a hacker attack that enriched the attackers with 8 vigintillion units of the BeautyChain cryptocurrency.

On April 22, 2018, around 1:00 p.m. (Hong Kong time), the OKEx crypto exchange detected anomalous activity related to the BeautyChain (BEC) token. As a result, the platform was forced to suspend trading of BEC tokens.

As it turned out later, hackers hacked the site and withdrew 8 vigintillion BEC units. To write this number, you need to add 63 zeros after the eight.

According to experts at PeckShield, who analyzed the vulnerability and the consequences of this hack, someone transferred a very large number of BEC tokens: 8 vigintillion. PeckShield explains that this abnormal BEC activity comes from a batchOverflow attack that exploits a previously unknown vulnerability in a smart contract.

PeckShield has developed an automated system to scan and analyze Ethereum-based (ERC-20) token transfers. In particular, the system automatically sends a warning in case of suspicious transactions (for example, involving an unreasonably large number of tokens).

It was this system that, on 04/22/2018, raised the alarm over transactions of the BEC token. One particular transaction involved an anomalous amount of BEC tokens. In fact, there were two token transfers, each involving the same amount from the same BeautyChain contract, but sent to two different addresses.

The vulnerable function is batchTransfer: the batchOverflow error lies where the local variable holding the transaction amount is calculated. More than a dozen smart contracts used in the operation of ERC20 services hide the same error.
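The overflow described above, modelled in Python as an added example (it is not the BEC contract's code or PeckShield's tooling). It assumes the local amount is the receiver count multiplied by the per-receiver value in 256-bit unsigned arithmetic; the account names, supply figure and transfer value are constructed. It shows the wrapping multiply beside a checked one, plus a monitoring rule of the kind mentioned earlier.

```python
UINT256_MAX = 2**256 - 1
TOTAL_SUPPLY = 10**27  # constructed supply figure, not BEC's real one


def mul_unchecked(a, b):
    """EVM-style multiply: the result silently wraps modulo 2**256."""
    return (a * b) & UINT256_MAX


def mul_checked(a, b):
    """SafeMath-style multiply: revert instead of wrapping."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product


def batch_transfer(balances, sender, receivers, value, mul):
    """Model of a batchTransfer-style function; `mul` picks the arithmetic."""
    cnt = len(receivers)
    amount = mul(cnt, value)  # assumed form of the local amount variable
    if cnt == 0 or value == 0:
        raise ValueError("nothing to transfer")
    if balances.get(sender, 0) < amount:
        raise ValueError("insufficient balance")
    balances[sender] = balances.get(sender, 0) - amount
    for receiver in receivers:
        balances[receiver] = balances.get(receiver, 0) + value
    return amount


def exceeds_supply(value, total_supply=TOTAL_SUPPLY):
    """Monitoring rule: no honest transfer can exceed the total supply."""
    return value > total_supply


def demo():
    value = 2**255  # constructed: two of these wrap to exactly 0
    ledger = {"sender": 0}
    debited = batch_transfer(ledger, "sender", ["r1", "r2"], value, mul_unchecked)
    try:
        batch_transfer({"sender": 0}, "sender", ["r1", "r2"], value, mul_checked)
        hardened = "accepted"
    except OverflowError:
        hardened = "rejected"
    return debited, ledger["r1"], hardened, exceeds_supply(value)


if __name__ == "__main__":
    print(demo())
```

With the wrapping multiply the balance check compares against 0, so an empty account passes it; the checked multiply stops the call before any balance changes.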

The official website states: “At the request of the official BeautyChain (BEC) project team, we have now suspended the BEC withdrawal service and the BEC/USDT, BEC/BTC and BEC/ETH trading pairs. We will inform you about the situation after receiving notification from the team. We apologize for the inconvenience.” The company plans to update the smart contract code and roll back the data of all three BEC trading pairs (BEC/BTC, BEC/ETH and BEC/USDT) by 13:18:00, April 22, 2018 (Hong Kong time).

Experts fear that the situation may be repeated on other crypto platforms trading assets with a similar smart contract. Moreover, with the widespread “code is law” principle in the Ethereum blockchain, there is no established security protection mechanism to eliminate these vulnerable contracts.

According to https://coinstelegram.com
