Connect with us
  • Home
  • Start here
  • Bitcoin Charts & More
  • Submit PR
  • Advertisement
  • Contact

Ethereum News

Ethereum’s Token Just Got Hit By A Malicious Minting Attack



One Ethereum Smart contract and dApp developer named Level K is in the latest cryptocurrency news for uncovering the existence of a vulnerability within the Ethereum framework that allows bad actors to mint large amounts of GasToken when receiving ETH.

As the official bog post that was published on November 21st outlined, the weakness has been flagged to most at-risk exchanges who have since released software patches that address the threat.

The vulnerability arises every time ETH is sent to an address which is able to carry out arbitrary computations that the transaction originator pays for. In theory, the only way to attack the token is by making a transaction originator such as an exchange to pay for an arbitrary amount of computation if the exchange has no protections (such as gas limits) set up.

Analysts claim that the risk is not only limited to ETH right now – but also includes all the Ethereum-based tokens such as the ones built on the ERC-721 and ERC-20 standards. As an excerpt from the material published by Level K explains:

“In the simplest exploit scenario, Alice runs an exchange, which Bob wants to harm. Bob can initiate withdrawals to a contract address he controls with a computationally intensive fallback function. If Alice has neglected to set a reasonable gas limit, she will pay transaction fees out of her hot wallet. Given enough transactions, Bob can drain Alice’s funds. If Alice fails to enforce Know Your Customer (KYC) policies, Bob can create numerous accounts to circumvent single-account withdrawal limits. In addition, if Bob also wants to make a profit, he can mint GasToken in his fallback function, and make money while causing Alice’s wallet to drain.”

According to the lead developer at Ethereum, exchanges affected by the vulnerability were notified privately on November 13th. Since it wasn’t possible to say which ones had no protections in place, the notifications were sent to as many exchanges as possible.

Level K also published further information and a complete overview of the threat as well as the actions taken to contain it – which can be seen on this link.

Share This With Your Friends

DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at

Continue Reading

Ethereum News

Mining Ethereum Can Make You A Target For Hack Attacks According To Developers

As time goes by, hackers are getting creative and are finding new ways to steal your cryptocurrencies. In today’s ethereum news we take a look at the massive growth in hack attacks in ethereum wallets since they have a specific vulnerability. According to developers, the hackers are targeting Ethereum wallets and mining equipment through an exposed port 8545 on specific devices, which is a standard port for the JSON-RPC interface that can be used for mine-related activities. The ethereum developers have also warned users about the dangers of exposing the interface when using equipment for mining ethereum and the ethereum software, urging them to create a password for the interface to activate a firewall. The JSON-RPC interface doesn’t come with a password. Users can set one but they rarely do. For Ethereum wallets that are exposed, hackers can send the API different commands and transfer funds from the wallet they attacked. The mining rigs producers have also done the best they can to limit the damage that is caused by the problematic interface by urging the users to add a password. Other removed the interface totally. This is the first time that the market scanning is done in a bear market. All of the data reports show that all of the analyses were conducted when the prices were stable. What makes the market scanning that hackers do incredibly difficult to understand is how it can be possible to find such tools so easy to exploit Ethereum clients. More than 4,500 devices made up of Geth mining rigs and Parity wallets are the ones that are the most vulnerable devices. In 2017, hackers managed to steal about $32 million in ether because of the vulnerability in Parity’s multi-signature wallet.
Continue Reading

Ethereum News

Ethereum Browser Startup Status Cuts Down A Quarter Of Its Staff

The Ethereum startup Status decided to lay off about 25 percent of its staff, according to the latest crypto news allegedly due to the steep decline in the crypto prices. Announcing the decision on Monday, the co-founder Jarrad Hope explained that the startup is big and that it cannot be sustained since the ethereum’s price dropped more than 80 percent. The startup originally managed to raise 182,000 ETH last year during a token sale which is approximately $64 million. Another problem of the startup was the lack of solid banking partners until the second quarter of 2018. Status decided to cut off a quarter of its staff and the company believes that this decision is considered ‘’non-essential’’ to the long-term goals of the startup. However, the startup hopes to stretch its fiat currency holdings so they can manage to cover their expenses for the next six months. The company also hopes that the employees will accept the pay cuts and that they will accept the greater amount of SNT tokens to sooth the cut. Hope continued to explain:
 “The reality is that we will have to make another assessment end of Q2 which if the market hasn’t picked up we will be forced to make the organization even leaner, and the remaining fiat and our large ETH holdings will be used to create a runway measured in years.”
Now, the priorities are to keep up the promises that the company made in its white paper and to get the app to be usable. Also, despite the cuts, Status confirms that they still have enough engineers that will work on the promises.
Continue Reading

Ethereum News

Hack Attacks Towards Ethereum On The Rise As Price Struggles To Climb Above $90

After dropping to a yearly low of $82, Ethereum (ETH) managed to regain its traction and experienced a short-term corrective rally that pushed the price to the current one of $89, but the hack attacks seem to be on the rise again according to the latest ethereum news. According to a tech magazine ZDNet another wave of hack attacks seems to be on the rise again after a research done by the monitoring company Bad Packets LLC revealed that the price drop didn’t stop malicious individuals or groups to from stealing from miners and investors. Hackers are working intensely to identify mining rigs and wallets by scanning the network which will lead them to gain control and redirect the funds to other places. The Bad Packets co-founder commented:
 “Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it's pennies a day.’’
The phenomenon of scanning the ethereum network was first discussed in June this year after one operation managed to obtain $20 million in ETH. Other incidents include joining different groups and parties to separate the crypto holders from their valuable assets. This year is possibly one of the worst years for cryptojacking or hack attacks which multiple companies monitor as well. Hackers tried to command the devices that mine in order to steal cryptocurrency. The monitoring companies noted a 500 percent increase this year only. Many new users don’t recognize this threat and many don’t understand it which is even a bigger potential of crypto jacking.
Continue Reading

Ethereum News

Developers Tested Exchanging ERC-20 Tokens Using The Second-Layer LN Protocol

A new report by the R&D lab at the crypto startup TenX is in today’s ethereum news for testing the cross-blockchain interoperability protocol that allows transferring the ERC20 tokens for BTC by using the Lighting Network. According to the report, the test was conducted in order to exchange ERC-20 tokens that run on the ethereum network and they rely on the smart contracts for easier ownership transfer, for Bitcoin’s Satoshi, the smallest possible unit able to transact by using the Lightning Network’s second layer protocol. The lightning network is one of the most successful solutions for the biggest problem bitcoin has-scalability. The method uses Hashed Timelock Contracts (HTLCs) so they get the ability to open payment channels between users that keep their transactions off-chain. The previous Ethereum HTLC CoBlox was much more simple and it involved native assets. CoBlox noted that their approach is to split the HTLC into two transactions: ‘’contract deployment’’ and ‘’ERC20 transfer call’’ but end up not being able to combine the two. In the report you can read that:
 “The ERC20 transfer function uses msg.sender for authentication. However, calling transfer from a contract deployment sets msg.sender to the address of the yet to be deployed contract which obviously has no tokens!”
CoBlox noted that using the Lightning Network for atomic swaps allows the users to create invoices and pay them instantly but they also point out that the atomic swap can’t always be expressed with this model. They are still looking for other possible solutions to resolve this issue and this is one of the reasons they haven’t included the results of the PoC for the ERC20 tokens.
Continue Reading


For Updates & Exclusive Offers
enter your email below


Join us on Facebook

Recent Posts




No Events



Trending Worldwide