Details revealed of a vulnerability that allows emptying the hot wallets of exchanges by burning Ethereum gas
Level K, a provider of dApp solutions, has revealed the details of a vulnerability in the Ethereum network that was reported on November 9.
The disclosure is now public: https://t.co/xVwsG9EBET We appreciate it.
– Level K (@levelk_io) November 21, 2018
The developers described an attack called the “sabotage vector”, which exploited the fact that the address to which Ethereum coins are sent can perform arbitrary computation.
The attack could be monetized by minting GasToken tokens, which are tied to the cost of gas in the Ethereum network: the receiving address performs arbitrary computation when it receives ETH, and the initiator of the transaction has to pay for it. As a result, exchanges that had not implemented precautions such as a gas limit were at risk.
The vulnerability affected not only Ethereum, but also ERC-20 and ERC-721 tokens. Thus, a potential attacker could not only deprive an exchange's “hot wallet” of substantial funds by burning gas, but also enrich themselves.
At the moment, all trading platforms that have received notifications from Level K have implemented appropriate security measures.
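The gas-limit precaution mentioned above can be illustrated with a small model of an exchange payout batch. This is an added example, not code from Level K or from any exchange; the names `Withdrawal`, `settle` and `audit`, the sample batch, the 50,000 gas cap, the 20 gwei gas price and the 8,000,000 block gas limit are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

INTRINSIC_GAS = 21_000        # base cost of a plain ETH transfer
BLOCK_GAS_LIMIT = 8_000_000   # assumed block gas limit, models "no cap set by the wallet"
PAYOUT_GAS_CAP = 50_000       # assumed hot-wallet policy value
GAS_PRICE_WEI = 20 * 10**9    # assumed gas price (20 gwei)

@dataclass
class Withdrawal:
    user: str
    recipient_gas: int  # gas the receiving address's code tries to consume (constructed)

def settle(w, gas_limit, gas_price_wei):
    """Return (delivered, fee_wei) for one payout sent with an explicit gas limit."""
    wanted = INTRINSIC_GAS + w.recipient_gas
    if wanted <= gas_limit:
        return True, wanted * gas_price_wei
    # Out of gas: the transfer reverts, but the sender pays for all gas supplied.
    return False, gas_limit * gas_price_wei

def audit(batch, gas_limit, gas_price_wei=GAS_PRICE_WEI):
    """Total fee paid by the hot wallet and the payouts held back by the cap."""
    total_fee, held = 0, []
    for w in batch:
        delivered, fee = settle(w, gas_limit, gas_price_wei)
        total_fee += fee
        if not delivered:
            # Hold for manual review instead of retrying with more gas.
            held.append(w.user)
    return {"fee_wei": total_fee, "held": held}

# Constructed sample batch: two ordinary recipients and one gas-burning recipient.
BATCH = [
    Withdrawal("alice", 0),
    Withdrawal("bob", 2_300),
    Withdrawal("mallory", 5_000_000),
]

if __name__ == "__main__":
    for label, limit in (("uncapped", BLOCK_GAS_LIMIT), ("capped", PAYOUT_GAS_CAP)):
        result = audit(BATCH, limit)
        print(f"{label:9s} fee={result['fee_wei'] / 10**18:.6f} ETH held={result['held']}")
```

With the cap in place the worst-case fee per payout is bounded by the cap times the gas price, and the payout that exceeded it is surfaced for review rather than paid for.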
Recall that on November 9, a vulnerability in the Python implementation of the Ethereum virtual machine also became known.