Ethereum tokens worth $1 billion vulnerable to "fake deposit attacks"

According to new research, more than $1 billion worth of tokens on the Ethereum blockchain lack a software standard released in 2017, making them vulnerable to being hijacked or taken from trading deposits.

Fake Deposit Exploits

The software vulnerability, called a fake deposit exploit, has been identified in 7,772 ERC-20 token issuers, according to research from Peking University, Beijing University of Posts and Telecommunications, Zhejiang University and the University of Queensland.

The research claims that by manipulating the code in the smart contracts, or programming scripts, of ERC-20 tokens listed on cryptocurrency exchanges that use poor transaction verification methods, a hacker can fraudulently steal exorbitant amounts of funds at almost no cost.

The fake deposit attack could therefore crash the exchange, causing the holders of ERC-20 tokens and other cryptocurrencies to lose their funds. Some holders may also have problems accessing utilities purchased with ERC-20 tokens, which are increasingly tied to assets and needs such as energy, real estate and insurance.

Possible solutions

Since smart contracts are permanent on the Ethereum blockchain and cannot be canceled, it is up to cryptocurrency exchanges to repair ERC-20 token procedures already subject to the fake deposit attack.

Fabian Vogelsteller, the Ethereum developer who created the ERC-20 token, said cryptocurrency exchanges can blacklist malicious token contracts. Lei Wu, a cyber-science professor at Zhejiang University and a member of the research team, also suggested releasing so-called proxy smart contracts to keep open the option of replacing old Ethereum smart contracts.

However, some Ethereum developers have avoided writing smart contract proxies because they carry other security risks. For active ERC-20 tokens, the Ethereum Foundation recommends that Ethereum blockchain developers implement the smart contract software protection standard against careless cryptocurrency exchanges, Wu said.

Which ERC-20 tokens are at risk?

The vulnerable tokens with the highest trading volume on decentralized exchanges, CloudBric, MovieCredits, BullandBear, LOVE, and EtherDOGE, have had little or no activity, according to the research.

These ERC-20 tokens are circulating on decentralized exchanges such as IDEX, DDEX, Bitcoin system and Ether Delta, which fixed the vulnerability this month, according to the researchers. In contrast, 7,716 of the ERC-20 tokens vulnerable to the fake deposit attack (99.2% of those identified) are listed on centralized exchanges such as Binance, Coinbase, OkEx and Kraken. Affected tokens on centralized exchanges, where most of the missing standard ERC-20 tokens are traded, were valued at over $1.1 billion in April.

Limited identification

The researchers declined to identify the affected Ethereum currencies beyond those positioned in the top five by trading volume on decentralized exchanges and the top five by market capitalization on centralized exchanges. The researchers also have not determined which centralized exchanges have not yet undertaken the recommended Ethereum token security procedures.