Yesterday evening, the Armors Blockchain Security Lab issued a document saying that “surveying suspected USDT attacks, it is recommended that the major exchanges suspend the USDT business, self-check code!”
Slow fog technology also made remarks later, reminding major exchanges to suspend the USDT recharge function as soon as possible, and checking the code for logic defects.
As soon as the news was made, each exchange conducted a function of recharging the usdt at the first time. If there was a logical defect in the success, it was not verified whether the value of the valid field in the transaction details on the blockchain was true, resulting in “false recharge”. The user successfully recharged the exchange with usdt without losing any usdt, and these usdt can be traded normally.
Slow fog area has confirmed that the real attack occurred. The relevant exchange shall suspend the USDT recharging function as soon as possible and check the code for the existence of the logical defect.
After the inspections were completed on multiple platforms, they issued announcements after they discovered that there were no “false recharge” loopholes.
Although the safety issue of the USDT has been resolved, the security issue is a problem that must be paid attention to in the current digital asset trading market. In 2018, the year of the rapid development of the blockchain industry, but it also faces various challenges, starting from the beginning of this year. There have been a number of security incidents in the industry, and people have to put security issues first:
At the beginning of 2018, the Japanese digital exchange Coincheck was hacked, and the NEM currency, the tenth-largest cryptocurrency market, was stolen, with a total value of $530 million. Among them, 260,000 customers lost a total of 400 million US dollars. After the incident, NEM’s market value suffered a heavy blow and fell more than 16% within 24 hours.
Coincheck is hacked
On the evening of March 7, the well-known cryptocurrency trading platform was suspected of being hacked and the trading system was faulty. Many investors’ altcoins were sold at market price and exchanged for bitcoin without knowing it, mainly involving more than 20 Currency. The hackers bought VIA at a high price using an embezzled user’s account, causing VIA’s highest point price to be blown to $0.025, an increase of more than 11000% compared to the lowest point in 24H. At the same time, the cryptocurrency market, including currency security and currency, plummeted, and the major currencies such as BTC, BCH, and ETH all fell by more than 5%. A large number of BTC/USDT trades also appeared in the currency, with BTC falling below US$10,000.
An invasion of currency security has caused turmoil in the cryptocurrency market
On March 30th, OKEx issued an announcement on the cryptocurrency exchange, stating that abnormal accounts had passed a lot of abnormal operations, causing abnormal BTC quarterly contract prices and a large deviation from the index. The BTC quarterly contract was once more than 20 percentage points lower than the spot index and the lowest point was close to 4,000 US dollars. According to netizen statistics, the contract that exploded 460,000 bitcoins for a short time in one hour suddenly pulled up by 10 after falling to the lowest point. At that point, some of the shorts were also exposed. In the abnormal fluctuations, the difference between the contract and spot price is close to 30%. So according to OKEx user agreement 6.2, the contract data is rolled back.
OKEx is maliciously shorted for data rollback
At about 13 o’clock on April 22, BEC suffered an abnormal transaction. At the request of the BeautyChain (BEC) project party, suspending BEC transactions and withdrawing cash, temporarily closing the BEC/USDT, BEC/BTC, BEC/ETH transactions, and BEC withdrawals. Opening hours will be announced.
There is a major loophole in the BEC US honey contract, and the attacker can generate tokens indefinitely through the bulk transfer method of the token contract. The hacker exploited the data breach of the BatchOverFlow vulnerability in the Ethereum ERC-20 smart contract to attack the smart contract of the company’s US-based partner BEC, which successfully transferred the BEC token to the two addresses. In the market, the amount of BEC in Shanghai was sold off. The value of this digital currency was almost zero, bringing a devastating blow to the BEC market transactions.
In addition to BEC Token, there are more than 12 projects Token’s smart contract has a BatchOverFlow integer overflow vulnerability, which hackers can use to generate “non-existent” virtual currency and make a profit.
Major loopholes in BEC contracts
On April 25th, SMT was exposed as a BEC-like loophole. The project party feedback found that there was an unusual problem in its transaction early in the morning. After preliminary investigation, there was a loophole in the Ethereum smart contract of SMT. The contract loophole in SMT was not implemented in the agent transfer logic. Number protection, causing large numbers to overflow. From around 3:30 in the morning, heavy volume fell, and after a short-term rebound, the volume dropped again. Multiple trading platforms suspended the SMT transaction in a timely manner.
SMT exposes similar BEC vulnerabilities
On April 25th, MyEtherWallet tweeted that their DNS was contaminated, causing some users to enter the fake website, resulting in the theft of ETH. Hackers have already stolen 24,130.543323767777777777 Ether and converted it to US$15,945,221.72 (@ $660.79/ETH).
MyEtherWallet account stolen DNS polluted
On May 22nd, OKEx had a serious bug and could make unlimited money to make money. Users said that after the user station USDT mutual conversion, the transferee does not deduct USDT. A to B to 10,000 USDT, B received 10,000 USDT, A’s money is not reduced. The OKEx market also showed abnormalities: BTC/USDT fell from 8220 US dollars to 6002 US dollars, and then quickly returned to normal levels, while the ETH/USDT once rose to 736 US dollars. There are also some users whose accounts appear to have funds showing errors.
OK serious Bug can be unlimited “money to make money”
On May 24, according to the slow fog zone news, the EDU smart contract has a loophole and can transfer the EDU Token of any account. A large number of looting behaviors have been discovered. The attacker does not need a private key to transfer all EDUs in your account, and because the contract does not have a Pause design, it cannot be stopped.
EDU smart contract has a major loophole
According to the slow fog zone disclosure, the BAI smart contract has the same loopholes as the EDU and can be transferred to any BAI Token in an account. At present, there are also a large number of acts of looting. Please calm down and pay attention to the official announcement of the project party.
BAI smart contract is exposed to the same vulnerability as EDU
On May 29th, 360 company Vulcan (Volgo) team discovered a series of high-risk security vulnerabilities in the blockchain platform EOS. It has been verified that some of these vulnerabilities can remotely execute arbitrary code on the EOS node. That is, remote attacks can directly control and take over all nodes running on EOS. This means that hackers can gain supreme power – just upload a smart contract with malicious code to gain control of the super node. In the process of parsing smart contracts and packaging blocks, other nodes are also infected. In the end, all 21 super nodes, and even all spare nodes, will be controlled by hackers. The vulnerability was quickly fixed after it was exposed, and the EOS main network was also on schedule.
EOS main online line exposed high-risk security holes on the eve
On June 10th, Coinrail, the South Korean cryptocurrency exchange, said that the system encountered “network invasion”. Although this is only a small trading platform, the loss still exceeds US$40 million. The incident caused Bitcoin to fall for three consecutive days. Bitstamp data shows that as of 4pm that day, Bitcoin prices in the New York market have fallen to US$6,840, setting the biggest drop since March 14th, expanding bitcoin’s loss this year to 52%. The transaction prices of Ethereum and Ruibo, which are cryptocurrencies, fell by 10% and 11% respectively.
In less than ten days, the official website of the Bitthumb Exchange issued an announcement stating that the exchange had been hacked and had been stolen from a cryptocurrency valued at 35 billion won (about 32 million U.S. dollars).
The South Korean cryptocurrency exchange has been very active globally. The Bitcoin exchange market ranks third in the world. Second only to the United States and Japan, Bithumb is South Korea’s largest cryptocurrency exchange, accounting for more than 75% of the Korean bitcoin exchange market. The hacking of Bithumb is bound to cause panic in the cryptocurrency market.
Frequent Exchange Attacks Hackers “preferred” South Korea
The development of an industry cannot be separated from the self-discipline of the industry. Faced with rapid development and various challenges that will arise, it is necessary for the industry to continuously strengthen its own strength and raise its awareness of protection in order to prevent problems and prevent users and platforms from being created. Losses prevent hackers from exploiting attacks to create market panic. It is still necessary to remind investors that under the current situation where the security risks of the exchanges have not been completely eliminated, risks are evaded and investments are carefully made to protect their own virtual assets.