THELOGICALINDIAN - Today April 25th the third better cryptocurrency barter by trading aggregate OKExannounced that all ERC20 badge deposits accept been abeyant
The move comes afterwards developers apparent an Ethereum Smart Contract bug alleged BatchOverflow which permits those who accomplishment the bug to affair an about absolute cardinal of new tokens. In turn, the anew minted tokens can again be deposited into added asset wallets. ‘This makes abounding of the ERC-20 tokens accessible to amount manipulations of the attackers,’ the OKEx aggregation wrote.
Ethereum Smart Contract Bug: BatchOverflow
The affair was aboriginal appear in a Medium post published by OKEx three canicule ago. The column explained that the bug is a archetypal accumulation overflow issue, which occurs back any operation uses a after amount alfresco the ambit that can be represented with the allocated cardinal of bits. In account the problem, OKEx’s column additionally included a proof-of-concept which showed how an absolute cardinal of tokens can be generated from any accessible ERC-20 contract.
The column reads: “To assure accessible interest, we accept absitively to append the deposits of all ERC-20 tokens until the bug is fixed. Also, we accept contacted the afflicted badge teams to conduct analysis and booty all-important measures to anticipate the attack.”
It’s still cryptic how abounding ERC-20 tokens are accessible to this bug, or which ones accurately are affected. As of today, BeautyChain (BEC) is the alone accepted badge to be attacked.
The big abhorrence is that this accurate Ethereum Smart Contract bug will admittance amount manipulations of the accessible ERC-20 tokens. Unfortunately, a agnate adventure occurred in March on the cryptocurrency barter Binance back attackers manipulated Viacoin (VIA), exchanging users altcoins for VIA and causing the coin’s amount to climb.
OKEx and Changelly
Besides OKEx, addition cryptocurrency trading platform, Changelly, has additionally abeyant ERC-20 badge trading. Announcing the abeyance through its Twitter, the aggregation wrote:
“Dear Customers, ERC20 tokens are briefly bare due to an accomplishment check. We will accompany them back, already we are abiding there is no vulnerability in deposits received. Follow the updates!”
This account comes aloof a day afterwards a DNS attack was accomplished adjoin accepted online cryptocurrency accumulator provider MyEtherWallet (MEW). The aegis aperture occurred at about 12:00 p.m. UTC bygone and led to the clarification of abounding MEW users funds.
According to an official statement from the MEW aggregation on Reddit, the aperture occurred through the hijacking of Domain Name System servers. This acquired MEW users to be redirected to phishing sites area ascendancy of their funds were aback handed over to the perpetrators of the attack.
