Hackers hacked the OKex exchange using smart contracts

The OKEx exchange suspended the withdrawal of BEC tokens and trading due to a hacker attack that enriched the attackers with 8 vigintillion units of the BeautyChain cryptocurrency.

On April 22, 2018, around 1:00 p.m. (Hong Kong time), the OKEx crypto exchange detected anomalous activity related to the BeautyChain (BEC) token. As a result, the platform was forced to suspend trading of BEC tokens.

As it turned out later, hackers hacked the site and withdrew 8 vigintillion BEC units. Written out, this number is an eight followed by 63 zeros.

According to experts at PeckShield, who analyzed the vulnerability and the consequences of this hack, someone listed a very large number of BEC tokens: 8 vigintillion. PeckShield explains that this abnormal BEC activity comes from a batchOverflow attack that exploits a previously unknown vulnerability in a smart contract.

PeckShield has developed an automated system to scan and analyze Ethereum-based (ERC-20) token transfers. In particular, the system automatically sends a warning in case of suspicious transactions (for example, involving an unreasonably large number of tokens).

It was this system that, on 04/22/2018, raised the alarm over transactions of the BEC token. This particular trade listed an anomalous amount of BEC tokens. In fact, there were two token transfers, each involving the same amount from the same BeautyChain contract, but to two different addresses.

The vulnerable code is in the batchTransfer function, where the local variable holding the transaction amount is calculated; this is the batchOverflow error. More than a dozen smart contracts used in the operation of ERC20 services hide the same error.
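To show why an overflow in that amount calculation defeats the balance check, here is an added example: a Python model of a batch transfer with 256-bit arithmetic, not the BeautyChain contract's own code. It assumes the amount is the number of receivers multiplied by the per-receiver value (a detail not shown on this page); all names and sample values are constructed.

```python
# Added example: Python model of a batch token transfer, not the BEC contract's code.
UINT256_MAX = 2**256 - 1

class Uint256Overflow(Exception):
    """Raised by the hardened path when a product does not fit in 256 bits."""

def wrapping_mul(a, b):
    # Unchecked 256-bit arithmetic: only the low 256 bits of the product survive.
    return (a * b) & UINT256_MAX

def checked_mul(a, b):
    # Hardened arithmetic: refuse the operation instead of wrapping.
    product = a * b
    if product > UINT256_MAX:
        raise Uint256Overflow(f"{a} * {b} does not fit in uint256")
    return product

def batch_transfer(balances, sender, receivers, value, mul):
    """Debit the sender once and credit every receiver `value`.
    `mul` selects the arithmetic (assumed design: amount = count * value)."""
    amount = mul(len(receivers), value)  # the local amount variable
    if not receivers or value == 0 or balances.get(sender, 0) < amount:
        raise ValueError("rejected by balance check")
    balances[sender] = balances.get(sender, 0) - amount
    for receiver in receivers:
        balances[receiver] = balances.get(receiver, 0) + value
    return amount

def total_supply(balances):
    # Invariant a transfer must preserve: the sum of all balances.
    return sum(balances.values())

def demo():
    value = 2**255  # constructed: 2 * value == 2**256, which wraps to 0
    weak = {"sender": 0}
    debited = batch_transfer(weak, "sender", ["a", "b"], value, wrapping_mul)
    strong = {"sender": 0}
    try:
        batch_transfer(strong, "sender", ["a", "b"], value, checked_mul)
        rejected = False
    except Uint256Overflow:
        rejected = True
    return debited, total_supply(weak), rejected, total_supply(strong)

if __name__ == "__main__":
    print(demo())
```

With wrapping arithmetic the debited amount is zero while the receivers are still credited, so the total supply grows; with the checked multiplication the call is refused and the supply is unchanged.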

The official website states: “At the request of the official BeautyChain (BEC) project team, we have now suspended the BEC withdrawal service and the BEC/USDT, BEC/BTC and BEC/ETH trading pairs. We will inform you about the situation after receiving notification from the team. We apologize for the inconvenience.” The company plans to update the smart contract code and roll back the data of all three BEC trading pairs (BEC/BTC, BEC/ETH and BEC/USDT) by 13:18:00, April 22, 2018 (Hong Kong time).

Experts fear that the situation may be repeated on other crypto platforms trading assets with a similar smart contract. Moreover, with the widespread “code is law” principle in the Ethereum blockchain, there is no established security protection mechanism to eliminate these vulnerable contracts.

According to https://coinstelegram.com
