A newly discovered vulnerability in the GasToken token, which runs on the Ethereum blockchain, could allow hackers to withdraw funds from exchange hot storage wallets, or even counterfeit tokens for profit.
According to a recently published study, this vulnerability mainly affects exchanges that have not set a withdrawal limit. The study explains:
The most primitive attack scenario is that Vasya has an exchanger that Petya wants to hack. Petya can request a transfer of funds from his wallet to a contract address that he controls. If Vasya neglected to set a reasonable limit on ETH, he will pay a transaction fee from his hot wallet. Having carried out a sufficient number of transactions, Petya can empty Vasya’s wallet.
If the exchanger does not use KYC technology, a hacker can bypass the withdrawal limit. A more skilled attacker could even impose a “tax” on transactions, and create their own token for profit.
Notably, the vulnerability only affects those who initiate Ethereum transactions, and not those who process them. Therefore, decentralized cryptocurrency exchanges like ForkDelta, and other exchanges built on smart contracts that process user-initiated transactions, will not be affected by the bug.
It is currently unknown how many exchanges are affected. According to the researchers who discovered the vulnerability, they contacted each potentially affected exchange before publishing the information.
Exchanges were advised to set a “reasonable gas limit” during withdrawals. The researchers also advised potentially affected platforms to review their logs, as attackers could have discovered this vulnerability a long time ago.
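A sketch of the two recommendations above (cap the gas on withdrawals, then review past withdrawals), added here as an example and not taken from the study or from any exchange's code. The record fields, the 50,000 gas cap and the sample log are assumptions constructed for illustration; 21,000 is the gas a plain ETH transfer to a non-contract address uses.

```python
from collections import defaultdict

PLAIN_TRANSFER_GAS = 21_000  # gas used by a plain ETH transfer to a non-contract address
GAS_CAP = 50_000             # assumed policy value, not taken from the article
GWEI = 10**9

# Constructed sample withdrawal log; ids and addresses are placeholders.
WITHDRAWALS = [
    {"id": "w1", "to": "0xUSER_1", "gas_used": 21_000, "gas_price_gwei": 20},
    {"id": "w2", "to": "0xCONTRACT_A", "gas_used": 2_000_000, "gas_price_gwei": 20},
    {"id": "w3", "to": "0xCONTRACT_A", "gas_used": 3_500_000, "gas_price_gwei": 25},
    {"id": "w4", "to": "0xUSER_2", "gas_used": 34_000, "gas_price_gwei": 20},
]

def excess_fee_wei(rec):
    """Fee the hot wallet paid beyond what a plain transfer would have cost."""
    extra_gas = max(0, rec["gas_used"] - PLAIN_TRANSFER_GAS)
    return extra_gas * rec["gas_price_gwei"] * GWEI

def review(withdrawals, cap=GAS_CAP):
    """Group withdrawals whose gas use exceeded the cap by recipient address."""
    report = defaultdict(lambda: {"ids": [], "excess_wei": 0})
    for rec in withdrawals:
        if rec["gas_used"] > cap:
            entry = report[rec["to"]]
            entry["ids"].append(rec["id"])
            entry["excess_wei"] += excess_fee_wei(rec)
    return dict(report)

def withdrawal_gas_limit(estimated_gas, cap=GAS_CAP):
    """Gas limit to sign a withdrawal with. A recipient that needs more gas
    makes the transaction fail, and the fee paid is bounded by cap * gas price."""
    return min(estimated_gas, cap)

if __name__ == "__main__":
    for addr, entry in review(WITHDRAWALS).items():
        print(addr, entry["ids"], entry["excess_wei"] / 10**18, "ETH in excess fees")
```

Recipients that appear repeatedly in the report with large excess fees are the ones to investigate first.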
The paper notes that other blockchains, like Ethereum Classic and EOS, may also be affected by the bug.
This is not the first critical error discovered this year. In March of this year, a bug was fixed that allowed Coinbase users to credit themselves with an infinite amount of Ethereum.
According to www.cryptoglobe.com
