The OKEX, the third largest crypto-exchange in the world in terms of trading volume, suspended all transactions with ERC20 tokens after the opening of trading on April 25; developers say that a "new mistake of a smart contract" was discovered.
In his blog, crypto-exchange confirmed that the bug, called BatchOverFlow, allowed malicious parties to "generate a very large number of tokens and put them on a regular address."
Crypto-exchange says:
This makes many of the ERC20 tokens vulnerable to the manipulation of prices by attackers. To protect the public interest, we decided to suspend deposits with ERC20 tokens until the error is corrected.
New events followed just a day after the DNS server substitution resulted in some users of MyEtherWallet purses used to store and exchange ERC20 tokens, inadvertently being redirected to phishing websites, compromising their login data and opening access to personal assets.
Although some sources mistakenly attributed the attack to weak points in the infrastructure of MyEtherWallet, the developers subsequently refuted these claims.
As of the time of printing, the source of the OKEX problem remains unknown.
Crypto-exchange "contacted the teams representing the affected tokens to investigate and take the necessary measures to prevent the attack." OKEX adds that the operations already performed by the clients will be restored after the normalization of the situation.
In his blog, crypto-exchange confirmed that the bug, called BatchOverFlow, allowed malicious parties to "generate a very large number of tokens and put them on a regular address."
Crypto-exchange says:
This makes many of the ERC20 tokens vulnerable to the manipulation of prices by attackers. To protect the public interest, we decided to suspend deposits with ERC20 tokens until the error is corrected.
New events followed just a day after the DNS server substitution resulted in some users of MyEtherWallet purses used to store and exchange ERC20 tokens, inadvertently being redirected to phishing websites, compromising their login data and opening access to personal assets.
Although some sources mistakenly attributed the attack to weak points in the infrastructure of MyEtherWallet, the developers subsequently refuted these claims.
As of the time of printing, the source of the OKEX problem remains unknown.
Crypto-exchange "contacted the teams representing the affected tokens to investigate and take the necessary measures to prevent the attack." OKEX adds that the operations already performed by the clients will be restored after the normalization of the situation.
No comments:
Post a Comment