Ethereum Cryptocurrency Exchange Flaw Exposed, Best Ways to Avoid

Posted by Oodles Technologies on July 17th, 2019

Vulnerability in Ethereum Cryptocurrency Exchange

Gas Token, the exchange currency of Ethereum, has been found to have a major flaw. An exchange development company exposed the bug, which makes it possible to drain large reserves from exchanges as payment for massive computations. Any Ethereum cryptocurrency exchange may be at risk, because hackers could use this flaw to withdraw large sums of Gas Tokens to any random address. Apparently, an attacker can make any user or exchange transfer any amount of Gas or Ethereum to an address. The vulnerability originates in the fact that Gas Tokens can be transferred to a random address and then used to run computations charged to the account of the originator of the transaction.

What can the Attacker do?

An attacker can withdraw any funds from an exchange or a user using a fallback function if the former has not set up any limit on the amount of Gas Tokens in each transaction. The amount required to compute the function will be paid from the wallet of the exchange. Using this technique, the attacker can withdraw any amount to multiple accounts, resulting in a huge heist from the exchange. An attacker can also mint Gas Tokens using the funds of the user or Ethereum cryptocurrency exchange.

Who is Vulnerable to this Attack?

Exchanges or users who initiate Ethereum transactions without setting a limit are exposed to this issue. Any entity that processes the transaction, including Decentralized Exchanges and Relay Services, does not have to worry. However, the problem is not only with Ethereum but also with Ethereum-based tokens like ERC 20 and ERC 721. Thus, any entity that initiates transactions in Ethereum or Ethereum-based tokens without setting a predefined limit on them is exposed to this bug.

Any Ethereum cryptocurrency exchange that places no limitation on the type of address is more vulnerable, because such exchanges can be forced to send currencies to a smart contract address rather than a wallet. In this case, exchanges might lose huge amounts, as the smart contract could be used to drain computational power. Moreover, the popularity of the Ethereum blockchain has put a large number of stakeholders in jeopardy.

We are a leading Ethereum App Development Company, offering top-tier blockchain based application development solutions to businesses across the globe.
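
The two safeguards described above, a per-transaction gas limit and a restriction on the type of destination address, can be enforced before a withdrawal is signed. The following is an added example, not code from the original article or from any exchange: the function names, the sample addresses and the 100,000 gas ceiling are assumptions, and `get_code` stands in for the `eth_getCode` JSON-RPC call.

```python
"""Added example: pre-flight checks for an exchange withdrawal (constructed data)."""

PLAIN_TRANSFER_GAS = 21_000    # protocol cost of an ETH transfer with no calldata
TOKEN_GAS_CAP = 100_000        # assumed policy ceiling for ERC-20/ERC-721 transfers


class WithdrawalRejected(Exception):
    """Raised when a withdrawal violates the gas or address policy."""


def is_contract(code_hex):
    # eth_getCode returns "0x" for an address that currently has no bytecode.
    return code_hex not in ("", "0x")


def capped_gas(estimated_gas, cap=TOKEN_GAS_CAP):
    """Accept a node's gas estimate only if it stays under the policy cap."""
    if estimated_gas > cap:
        raise WithdrawalRejected(f"estimate {estimated_gas} exceeds cap {cap}")
    return estimated_gas


def build_eth_withdrawal(to, value_wei, gas_price_wei, get_code):
    """Build an ETH withdrawal with a fixed gas limit, refusing contract addresses.

    An address with no code today can hold code later, so the fixed gas
    limit, not the address check, is what bounds the fee the exchange pays.
    """
    if is_contract(get_code(to)):
        raise WithdrawalRejected(f"{to} is a contract address")
    return {
        "to": to,
        "value": value_wei,
        "gas": PLAIN_TRANSFER_GAS,
        "gasPrice": gas_price_wei,
        # Informational only, not a transaction field: worst-case fee in wei.
        "max_fee_wei": PLAIN_TRANSFER_GAS * gas_price_wei,
    }


# Constructed chain state: one wallet address and one contract address.
WALLET = "0x" + "11" * 20
CONTRACT = "0x" + "22" * 20
SAMPLE_CODE = {WALLET: "0x", CONTRACT: "0x6080604052"}

if __name__ == "__main__":
    print(build_eth_withdrawal(WALLET, 10**18, 20 * 10**9, SAMPLE_CODE.get))
```

An address that the lookup cannot resolve is treated as a contract and rejected, so the check fails closed.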