As a result of a newly detected bug – BatchOverFlow – associated with a smart contract token, OKEx cryptocurrency exchange halts deposits on all Ethereum ERC-20 Tokens.
This decision came as a result of the discovery of a new smart contract bug, which affects the BeautyChain token and a dozen others. This bug allows attackers to generate a whole lot of tokens and make deposits in regular wallet addresses.
The effect could be dangerous as hackers could use this method to enrich themselves, making a ton of wealth off the bug and also manipulating coin/token prices at will.
Until the bug is fixed, OKEx, though having contacted all teams which tokens are affected for them to conduct a proper investigation and fix the bug.
How The Bug Was Discovered
PeckShield, which is a blockchain security startup, has developed a program which can analyze transactions on Ethereum ERC-20 tokens, they were able to spot an unusually high volume transaction.
Sighting this, the team swung into action to deciphering one of the latest bug discoveries which allowed cyber attackers generate a lot of tokens and also let them deposit those tokens in a regular Ethereum ERC-20 compatible wallet.
The transaction which flags a warning contained two large amounts from a BeautyChain contract to two different addresses. After a closer look, it was discovered that the transfers originated from an outstanding integer overflow issue.
In a bid to further look into the problem, it was found that over a dozen ERC-20 smart contracts are vulnerable as well. Though there is nothing the PeckShield team could do to rectify this correctly, they have informed those whose tokens were vulnerable.
Control Measures
Though the OKEx cryptocurrency Exchange has stopped the process of trading and withdrawing ERC-20 tokens, it is also very important that more exchanges also do the same thing, as attackers could simply trade this large token volume for more valuable ones like BTC, ETH, or even fiat like the USD.
Aside from the tokens being cashed out, holding large tokens could easily give holders the opportunity to drive market prices at will.
Much earlier in the year, some attackers were able to gather Finance users details and creating an API you. This was what was used to perpetuate the attack on the Siacoin cryptocurrency.
We could see in the next few days that more exchanges unlike before.
