The details of the vulnerability allowing to empty wallets of cryptocurrency exchanges are disclosed

in #eth6 years ago


The provider of Level K dApp solutions disclosed details of the vulnerability in the Ethereum network, which was reported on November 9. The developers told about the attack called "vector of sabotage", which exploited the possibility of random calculations by the address to which Ethereum coins were sent.

The attack was to capitalize through mintinga tokens GasToken tied to the cost of gas in Ethereum, due to the random calculations upon receiving the ETH to your address, and the initiator of the transaction would be forced to pay for these actions. As a result, exchanges that did not implement such precautions as the gas limit were under threat.

At the same time, the vulnerability concerned not only Ethereum, but also tokens of the ERC-20 and ERC-721 standard. Thus, a potential attacker could not only deprive the “hot wallet” of some exchange of essential funds by burning gas, but also enrich himself.

At the moment, all trading platforms that have received a notification from Level K have implemented appropriate security measures.

Recall, on November 9, it also became known about the vulnerability in the Python implementation of the Ethereum virtual machine.

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.034
BTC 90284.37
ETH 3086.81
USDT 1.00
SBD 2.93