Fun

Over $1 Billion Ethereum-Based Tokens Vulnerable to ‘Fake Deposit Exploit’

News Feed - 2020-08-28 09:08:25

Over $1 Billion Ethereum-Based Tokens Vulnerable to "Fake Deposit Exploit"


A number of university researchers published a study that demystifies the “fake deposit vulnerability” in Ethereum-based smart contracts. The findings show that over 7,000 tokens worth more than $1 billion built on top of Ethereum are vulnerable to two types of attacks that exploit smart contracts.


Researchers from the University of Queensland, Beijing University of Posts and Telecommunications, Zhejiang University, and Peking University have published a paper that describes a vulnerability held by over 7,000 Ethereum-based tokens.


Essentially, the tokens created have verification methods that are subpar to ERC20 contracts released after 2017. The vulnerability allows the token’s codebase to be manipulated and hackers can easily steal millions of dollars by executing the “fake deposit vulnerability.”


What is worse is that there are more than 25 million smart contracts built using the Ethereum network and the researchers say only “0.36% of them have released their source code according to our dataset.”


Moreover, the paper discusses that the tokens are vulnerable on both decentralized exchanges (dex) and centralized exchanges (cex) because they allow these coins to be swapped “without comprehensive verification.”


The team of researchers leveraged a tool called “Deposafe,” which allows the testing of a large number of ETH-based smart contracts.


“In this work, we have systematically characterized the fake deposit vulnerability in Ethereum. Deposafe, an automated tool is proposed to perform the detection and verification of the vulnerability,” the paper states.


“We demonstrate the efficiency of Deposafe with experiments on a large number of smart contracts. Our observations reveal the prevalence of fake deposit vulnerability in the ERC20 smart contracts,” the university’s scholars wrote.


The investigators found that 7,735 tokens can be influenced by the fake deposit vulnerability using a “Type-I attack.” While “7,716 tokens that are vulnerable to “Type-II attack” with a market cap of over $1 billion.


“The number of holders and transactions would be 695K and 4.6 million respectively,” the paper stresses.


The paper also identifies the dexes that have high active trading on a daily basis and could suffer from the fake deposit attack. Dex platforms listed in the researcher’s paper include Ether Delta, DDEX, and IDEX.


Centralized exchanges (cex) that fall victim to the fake deposit attack could lose substantial amounts of funds.


“If a cex allows these tokens to be traded without comprehensive verification, the financial loss will be tremendous,” the paper highlights.


The authors of the report say that the efforts they have provided can “contribute to bring developer awareness” and hopefully “promote best operational practices across blockchains.”


The listed cex platforms mentioned in the researcher’s study include companies like Kraken, Binance, and Coinbase. ERC20s who are allegedly vulnerable to the fake deposit exploit include BRC token, PWR token, BAT, HPT token, Cloudbric, RPL token, Moviecredits, and more.


What do you think about the fake deposit attack? Let us know what you think about this subject in the comments section below.Banks in Mexico Pose Greater Money Laundering Risk Than Crypto Firms, Says ReportNEWS | 2 hours ago"Bitcoin Will Never Ditch You" Ad Dominates Front Page of Major Hong Kong NewspaperNEWS | 16 hours agoTags in this story1 billion, CEX, crypto, Deposafe, DEX, ERC20, ERC20 Tokens, ETH tokens, ETH-based smart contracts, Ethereum, Fake Deposit, Fake Deposit Exploit, Smart Contracts, subpar verification, Type-I attack, Type-II attack, verification methods, Vulnerability


Image Credits: Shutterstock, Pixabay, Wiki CommonsSpot-markets for Bitcoin, Bitcoin Cash, Ripple, Litecoin and more. Start your trading here.Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.Read disclaimerShow comments

News Feed
Price analysis 3/4: SPX, DXY, BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX
Rakesh Upadhyay6 hours agoPrice analysis 3/4: SPX, DXY, BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAXBitcoin looks ready to blast above its all-time high, but traders should remember that vertical rallies are rarely sustainab
2024-03-05 02:58 AM
MTI Liquidators Reject Claim Peddled by Opponents, Insist the Entity ‘Was a Massive Fraudulent Scam’
MTI Liquidators Reject Claim Peddled by Opponents, Insist the Entity "Was a Massive Fraudulent Scam" Liquidators of Mirror Trading International (MTI) have attacked the claim that
2022-02-15 15:30 PM
Pewdiepie Joins the Blockchain AR Game Wallem, Players Can Buy Youtube Star’s NFT Skin
Pewdiepie Joins the Blockchain AR Game Wallem, Players Can Buy Youtube Star"s NFT Skin The world-famous gamer and Youtuber, Pewdiepie is getting involved with an
2020-11-02 03:00 AM
Dex Aggregator 1inch Partners With NFT Animated Series ‘Take My Muffin’
Dex Aggregator 1inch Partners With NFT Animated Series "Take My Muffin" On September 3, the decentralized exchange (dex) aggregation platform 1inch announced the project has partne
2021-09-05 14:30 PM
Ubisoft is now a validator on the XPLA blockchain
Tristan Greene7 hours agoUbisoft is now a validator on the XPLA blockchainThe blockchain gaming sector is starting to pick up steam.12055 Total views3 Total sharesListen to article 0:00NewsOwn this piece of crypto histor
2024-03-12 01:20 AM
Aspen Creek Digital and Compass Mining to Host Thousands of Bitcoin Mining Rigs at Texas Solar Farm
Aspen Creek Digital and Compass Mining to Host Thousands of Bitcoin Mining Rigs at Texas Solar Farm On October 26, the bitcoin mining operator Aspen Creek Digital Corporation (ACDC
2022-10-27 05:00 AM
Several Crypto Mining Operations Busted in Russia
Several Crypto Mining Operations Busted in Russia Authorities and power utilities in various Russian regions have shut down illegal crypto mining farms, seizing hardware and taking
2023-03-19 17:30 PM
Kenya drops Worldcoin probe — ‘No further police action’
Helen Partz23 minutes agoKenya drops Worldcoin probe — ‘No further police action’After suspending Worldcoin operations in August 2023, Kenyan authorities have finally dropped a probe against the firm, potentially p
2024-06-20 17:36 PM
Crypto mass adoption is just 12–18 months away — Yat Siu
Jonathan DeYoung12 hours agoCrypto mass adoption is just 12–18 months away — Yat SiuAnimoca Brands co-founder and chairman Yat Siu believes mass adoption is closer than one may think, and that blockchain gaming will
2024-06-10 20:10 PM
XRP rockets 26% as Ripple execs hail $125M penalty as ‘victory’
Ciaran Lyons7 hours agoXRP rockets 26% as Ripple execs hail $125M penalty as ‘victory’XRP’s price has surged 26% as the Ripple vs. SEC case appears to be nearing its final stages, with no signs suggesting XRP will
2024-08-08 10:18 AM
EU Seeks to Curb Reliance on US Dollar After American Sanctions Exposed Financial Infrastructure Vulnerabilities
EU Seeks to Curb Reliance on US Dollar After American Sanctions Exposed Financial Infrastructure Vulnerabilities The European Union (EU) is reportedly planning t
2021-01-19 09:30 AM
Purse.io Returns: Company Reveals Crypto Marketplace ‘Is Here to Stay’
Purse.io Returns: Company Reveals Crypto Marketplace "Is Here to Stay" On April 17, new.Bitcoin.com reported on the crypto marketplace Purse.io announcing the company would dissolve
2020-04-27 08:03 AM