Several crypto exchanges have temporarily suspended ERC20 deposits due to the discovery of an Ethereum smart contract bug.
A Medium post from April 22nd announced the discovery. Labelled as the “batchOverflow” vulnerability, this Ethereum smart contract bug allows hackers to generate a large number of tokens from nothing and then deposit those tokens into a regular Ethereum address.
The initial discovery was of an extremely large transfer of BeautyChain, or BEC, tokens. Two large token transfers were completed, each being deposited into two different addresses. After further analysis of other contracts, the results showed that “more than a dozen of ERC20 contracts are also vulnerable to batchOverflow.”
The team behind the discovery has attempted to contact all teams who own the vulnerable contracts so that something can be done to fix the problem.
In the meantime, the OKEx crypto exchange, along with the cryptocurrency trading service Changelly, have both announced the temporary suspension of ERC20 deposits until the bug is fixed.
— OKEx (@OKEx_) April 25, 2018
Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates! https://t.co/qYutri4X3X
— Changelly.com (@Changelly_team) April 25, 2018
One of the main fears is that this particular Ethereum smart contract bug will cause price manipulations to many of the vulnerable ERC20 tokens. This was last seen in the Binance incident when attackers manipulated Viacoin (VIA), exchanging users’ altcoins for VIA and causing VIA’s price to climb.
It’s still unclear how many ERC20 tokens are vulnerable to this bug, or which ones specifically are affected. More digging will have to be done to find out. So far, BeautyChain is the only confirmed token to be attacked. Its trading was suspended as of April 22nd on several exchanges.
What’s going to happen next?
Featured image: BitNovosti