$1 Billion Ethereum Tokens are Vulnerable to ‘Fake Deposit Attack’
More than $1 billion of Ethereum tokens don’t have a software standard that was released in 2017. According to new research, this sets them up to be drained or hijacked from trading exchanges. Known as a fake deposit exploit, this software vulnerability was highlighted in 7,772 issuers of ERC-20 tokens. As per the research, it is possible for hackers to program the scripts of the ERC-tokens that are listed on crypto exchanges or manipulate code in the smart contracts, particularly where the transaction verification methods are deficient. This would enable them to siphon massive amounts of funds fraudulently at no cost.
The exchange would then crash because of the fake deposit attack and it would cause holders of ERC-20 tokens and another crypto to lose their funds. As a matter of fact, some holders could even encounter problems in accessing utilities that have been bought with the ERC-20 tokens, which are now being increasingly tied to necessities and goods like real estate, energy, and insurance. One of the researchers stated that if the fake deposit attack is conducted by hackers, it would be disastrous for the Ethereum tokens. The worst-case scenario would mean the re-issuing of the token.
Since smart contracts are permanent on the Ethereum blockchain and it is not possible to reverse them, it is now the job of the crypto exchanges to fix the ERC-20 token procedures that are vulnerable to the fake deposit attack. The Ethereum developer, Fabian Vogelstellar, who developed ERC-20 tokens, said that malicious token contracts can be blacklisted by cryptocurrency exchanges. A researcher suggested that so-called proxy smart contracts be released to give people the option of replacing old smart contracts on the Ethereum blockchain. However, some Ethereum developers have avoided proxy smart contracts because they have their own risks associated with them.
As far as ERC-20 tokens are concerned, the Ethereum Foundation has recommended that protective smart contract software standards be established by Ethereum blockchain developers. This would work as a failsafe against cryptocurrency exchanges that are inattentive. Research shows that the vulnerable tokens that have the most trading volume on exchanges, such as EtherDOGE, LOVE, BullandBear, MovieCredits and CloudBric, have had little or no activity. These ERC-20 tokens are currently circulating on three decentralized exchanges, which are Ether Delta, DDEX, and IDEX. According to the researchers, these exchanges patched this vulnerability in this month.
In comparison, nearly 99.2% of the identified ERC-20 tokens, which are 7,712 in number, can be found on centralized exchanges, such as Coinbase, Binance, OKEx, and Kraken. The bulk of the vulnerable ERC-20 tokens are trading on centralized exchanges and in April, they have a total value of $1.1 billion. The top five vulnerable tokens were highlighted by researchers that can be found on decentralized exchanges. These include the BRC token by Baer Chain, the Basic Attention Token (BAT) by the Brave privacy web browser, the HPT token that belongs to the Chinese cryptocurrency exchange, the RPL token by the Rocket Pool Ethereum app service and the PWR Token by the Power Ledger electrical grid blockchain.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.