Crypto exchanges suspend Ethereum-based tokens after smart contract bugs detected | finder.com

Crypto exchanges suspend Ethereum-based tokens after smart contract bugs detected

Peter Terlato 25 April 2018 NEWS

Most exchanges have lifted the ERC-20 suspensions, although some functions still remain unavailable.

A number of cryptocurrency exchanges have ceased trading multiple ERC-20 tokens after bugs were discovered inside ethereum-based smart contracts which allowed users to unjustly transfer significant amounts of tokens.

Poloniex, Huobi Pro, OKEx, HitBTC, Changelly and Quoine halted ERC-20 deposits, withdrawals and trade.

However, at least three of these exchanges have now resumed ERC-20 services, as can be seen in tweets below.

Cryptocurrency and blockchain publication Coinmonks first reported the existence of a new “batchOverflow” bug in numerous ERC-20 smart contracts on April 22 and the presence of a “proxyOverflow” bug on April 24.

The posts reveal that Coinmonks automated system which analyzes ERC-20 token transfers “raised an alarm” related to two “unusual” and “extremely large” BeautyChain (BEC) token transactions. Coinmonks classified this anomaly as an “in-the-wild” attack that exploited a previously unknown vulnerability in ERC-20 contracts.

“For elaboration, we call this particular vulnerability batchOverflow,” Coinmonks reported.

Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow. However, with the touted ‘code-is-law’ principle in Ethereum blockchain, there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts.

Coinmonks on the complexities of the batchOverflow bug

Additionally, blokchain startup PeckShield detected an unusually large MESH token transaction on Tuesday.

Following a system-wide scan, Coinmonks surmised that a substantial number of tokens were affected by the bugs including MESH, BEC, UGToken, SMT, SMART, MTC, FirstCoin, GG Token, CNY Token, CNYTokenPlus.

BeautyChain posted an announcement on its website, advocating that the company will release new smart contracts “as soon as possible”. The project reached an agreement with OKEx Exchange to roll back and cancel any transactions generated after 13:18 on April 22. Purchase of BEC currency will be returned in the same way.

The SmartMesh Foundation said that it would take the equivalent amount of SMT to the counterfeit amount and destroy it to make up for the losses caused, and keep the total supply of SMT at the value of 3,141,592,653.

There are several tokens which can be used in conjunction with Ethereum’s blockchain platform. These are separate to ether, Ethereum’s native currency. ERC-20 defines a list of rules for all Ethereum tokens to follow.

MyEtherWallet (MEW), an online app for storing, sending and receiving Ethereum-based digital tokens, was compromised in a phishing attack yesterday morning, with hackers seizing more than $150,000 in user funds.

You can learn all about different exchanges, understand exactly how to buy and sell cryptocurrencies, calculate your taxes, discover digital wallets to hold assets and explore a list of all the alternative coins on the market.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Ask an Expert

You are about to post a question on finder.com:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Privacy and Cookies Policy and Terms of Use.
Go to site