A Billion EOS Tokens Faked To Rob Decentralized Exchange

    Martin Young
    Martin has been writing on technology and forex for 15 years. He has a keen eye for emerging cryptocurrency news, blockchain developments, and market sentiment.

    For the second time in a week, the EOS platform has been in the spotlight for the wrong reasons. Hackers flooded a decentralized exchange with fake EOS tokens to steal thousands of dollars in cryptocurrency.

    Around $58,000 was stolen from the Newdex exchange when hackers exploited a security flaw. According to Hard Fork, the cunning cyber criminals spoofed the exchange into thinking a fake token was actually the real thing. The hackers created a new EOS-based token that they named ‘EOS’ in order to steal BLACK, IQ, and ADD tokens from the exchange.

    Newdex has confirmed the hack and issued a statement:

    “EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens. After testing the feasibility of the attack, the account began to place large buy orders. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”

    The fake EOS tokens were then traded for real ones, which were transferred to Bittrex, according to the statement. The hackers got away with 4,028 EOS tokens worth around $19,450 at current trading prices. The total loss, which has been suffered by Newdex users, amounted to nearly $58,000. The exchange has yet to state whether there will be any reimbursement.

    The vulnerability stems from the EOS platform allowing anyone to create a token and call it whatever they want, apparently including ‘EOS’. In addition, Newdex does not use smart contracts, so there was no way of verifying the authenticity of the tokens.
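
The missing authenticity check, as an added example that is not Newdex's code or part of the original article: an off-chain deposit handler that accepts a transfer only when both the issuing contract account and the symbol match an allowlist, next to a naive check that trusts the symbol alone. It assumes transfers arrive as EOS action JSON (`account`, `name`, `data`), that `eosio.token` is the contract issuing the real EOS, and uses constructed sample accounts and actions.

```python
from decimal import Decimal

# Allowlist keyed by (issuing contract account, symbol) -> decimal precision.
# Assumption: eosio.token is the system contract issuing real EOS (4 decimals).
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}
EXCHANGE_ACCOUNT = "newdexpocket"  # account named in the quote in this article


def parse_quantity(quantity):
    """Split an asset string such as '1.0000 EOS' into (amount, precision, symbol)."""
    amount, symbol = quantity.split(" ")
    precision = len(amount.split(".")[1]) if "." in amount else 0
    return Decimal(amount), precision, symbol


def naive_is_eos_deposit(action):
    """Vulnerable check: trusts the symbol string and ignores who issued the token."""
    _, _, symbol = parse_quantity(action["data"]["quantity"])
    return action["name"] == "transfer" and symbol == "EOS"


def validate_deposit(action):
    """Hardened check: returns (accepted, reason)."""
    if action["name"] != "transfer":
        return False, "not a transfer"
    if action["data"]["to"] != EXCHANGE_ACCOUNT:
        return False, "not addressed to the exchange"
    amount, precision, symbol = parse_quantity(action["data"]["quantity"])
    # action["account"] is the contract that executed the transfer, i.e. the issuer.
    expected = TRUSTED_TOKENS.get((action["account"], symbol))
    if expected is None:
        return False, f"untrusted token {symbol}@{action['account']}"
    if precision != expected or amount <= 0:
        return False, "malformed quantity"
    return True, "ok"


# Constructed sample actions (hypothetical accounts, not taken from chain data).
REAL = {"account": "eosio.token", "name": "transfer",
        "data": {"from": "alice1111111", "to": "newdexpocket",
                 "quantity": "5.0000 EOS", "memo": "order"}}
FAKE = {"account": "fakeissuer11", "name": "transfer",
        "data": {"from": "fakeissuer11", "to": "newdexpocket",
                 "quantity": "5.0000 EOS", "memo": "order"}}

if __name__ == "__main__":
    for label, act in (("real", REAL), ("fake", FAKE)):
        print(label, naive_is_eos_deposit(act), validate_deposit(act))
```
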

    The EOS community commented on the way single user accounts can act as an exchange on the DEX:

    “They deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it.”

    Without a smart contract, as in the case of the newdexpocket account, users are simply sending tokens to an EOS wallet without any authentication process and hoping their orders will execute. Hard Fork also reported that the account used the exact same key for both its owner and active permissions. The attack might have been mitigated if the exchange had used multi-sig wallets, as most do.

    Last week, EOS suffered another smart contract breach when the EOSBet dApp was hacked, resulting in the loss of over $220,000 in cryptocurrency. Until this technology develops and secure standards and practices are in place, hackers are going to find ways to exploit the vulnerabilities in platforms and exchanges.
