Ethereum’s smart contract bugs just keep on coming. Exchanges including Okex, Poloniex, Coinone, and Hitbtc today suspended deposits of ERC20 tokens following the discovery of a batch overflow bug written into the smart contracts governing numerous coins. The news comes in the same week that the ethereum community voted against restoring the lost ether that was locked up in the Parity smart contract bug last year.
Ethereum Tokens Battle a Nasty Bug
Creating an ethereum token that is free from exploitable bugs is a lot harder than it sounds. Earlier this year researchers claimed to have found 34,000 ethereum smart contracts that are vulnerable to bugs, and a blog post authored this week has zeroed in on one in particular: a batch overflow bug that affects ERC20 smart contracts. Its discovery is serious enough to have prompted Okex to announce the suspension of ERC20 token deposits, writing:
We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug – “Batchoverflow”. By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.
Okex added: “To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.” Numerous other exchanges have followed suit.
Squishing Bugs Is a Never-Ending Battle
The possibility of attackers being able to steal, freeze, or duplicate ERC20 tokens is a nightmare scenario for any projects building on the ethereum protocol, as well as for existing tokens, whose teams will now be closely scrutinizing their code for vulnerabilities. One of the tokens affected is Smartmesh (SMT), an ERC20 that is tradeable on Huobi, Gate.io, Hitbtc, and Okex. Its smart contract currently shows signs of blatant exploitation, with a token balance and token value that run to over 30 figures. Hundreds of billions of SMT have been transferred from the Smartmesh smart contract in the past 24 hours.
The batch overflow blog post published on April 22 also identifies the Beautychain (BEC) token as having fallen prey to the same exploit. Its author writes: “We further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchoverflow. To demonstrate, we have successfully transacted with one vulnerable contract (that is not tradable in any exchange) as our proof-of-concept exploit.”
While the ERC20 tokens that have been affected by this exploit appear to comprise lesser-known coins, the risk the bug presents is not limited to these projects alone. If attackers can create tokens out of thin air, they can then trade these on exchanges for ethereum or bitcoin, which has the potential to affect the price of these assets and to affect confidence in the ethereum ecosystem in particular. With the war for next-generation blockchains heating up as competitors such as EOS prepare to launch, smart contract bugs are a burden that ethereum could do without.
Private security firms in Moscow are offering a new service – protection for people buying and selling cryptocurrency for cash. The companies have also expressed readiness to help investigate crypto-related crimes. Police are still reluctant to work on such cases, as cryptocurrencies are not yet regulated in Russia.
Bitcoin Worth Millions Snatched By Crypto Crooks
Several security companies in the Russian capital are now offering protection services to people trading cryptocurrencies offline. Deals often take place right on the street and involve crypto transactions through mobile or hard wallets and cash transfers. Virtual and fiat funds are often lost by a crypto user falling victim to modern-day criminals.
A growing number of cases of cryptocurrency-related fraud and theft have been reported by Russian media in the past few months. While police are still reluctant to work on these cases, as cryptocurrencies are not yet regulated in Russia, their colleagues from the private sector have expressed readiness to help with the investigations.
Recently, police in Moscow arrested members of an organized criminal group from Dagestan, who have carried out attacks on crypto investors, the online outlet Life reported. In December, an attack on a 20-year-old student owning cryptocurrency worth millions of rubles became a media sensation. The young man was kidnapped at a subway station. Threatening him with a knife, the attackers took him to his home where they asked for 100 million rubles ($1.6 million) in cryptocurrency.
Several days ago, another Muscovite was robbed of 10 million rubles worth of bitcoin ($160,000). In broad daylight he tried to seal a deal with a “buyer” who took his hard wallet and sped off without paying any cash for the cryptos. A week before that, a resident of Nizhny Novgorod lost 800,000 rubles in cryptocurrency ($13,000) under pretty much the same circumstances. Not long ago, a senior citizen in Volgograd was also robbed by crypto crooks.
The criminal statistics in Russia are full of similar cases. Most of these crimes have been committed during crypto-fiat exchange deals on the street. Many Russians are tempted by these direct sales because online trading platforms take hefty commissions. Usually they involve cash payments and crypto transfers.
Rates Starting at Just $15 per Hour
The increasing number of thefts and frauds related to offline crypto deals has created a need for a new type of security escort service. Several companies in Moscow are already offering it to crypto buyers and sellers. Rates start at just 1,000 rubles per hour, about $15 USD, but prices go up if the client wants to rent a company car or hire more guards.
Russian law imposes restrictions on personal guard services, and the firms prefer to sign contracts for property protection. A suitcase with cash and a hard wallet with cryptocurrency fall within this category.
“The cost of our services depends on the amount of the transaction – we are charging a percentage. We also offer services abroad, as cryptocurrency is an international phenomenon,” said Natalia Kurovskaya, owner of one of the Moscow-based security firms.
Kurovskaya added that her company also works with crypto investors who have been robbed or defrauded by criminals. In her words, government law enforcement agencies don’t know how to investigate such crimes, as there is no legislation regulating the crypto sector yet.
In February, the founder of the Prizma coin was kidnapped in Moscow. His attackers took 300 bitcoins from him, along with $20,000, a notebook, and three mobile phones. Russian police, however, did not include the cryptos in the list of the stolen items.
The anti-monopoly court of Chile has ordered two banks to re-open the accounts of Buda cryptocurrency exchange.