Connect with us
  • Home
  • Start here
  • Bitcoin Charts & More
  • Submit PR
  • Advertisement
  • Contact
CLOSE

Ethereum News

Ethereum’s Token Just Got Hit By A Malicious Minting Attack

Published

on

One Ethereum Smart contract and dApp developer named Level K is in the latest cryptocurrency news for uncovering the existence of a vulnerability within the Ethereum framework that allows bad actors to mint large amounts of GasToken when receiving ETH.

As the official bog post that was published on November 21st outlined, the weakness has been flagged to most at-risk exchanges who have since released software patches that address the threat.

The vulnerability arises every time ETH is sent to an address which is able to carry out arbitrary computations that the transaction originator pays for. In theory, the only way to attack the token is by making a transaction originator such as an exchange to pay for an arbitrary amount of computation if the exchange has no protections (such as gas limits) set up.

Analysts claim that the risk is not only limited to ETH right now – but also includes all the Ethereum-based tokens such as the ones built on the ERC-721 and ERC-20 standards. As an excerpt from the material published by Level K explains:

“In the simplest exploit scenario, Alice runs an exchange, which Bob wants to harm. Bob can initiate withdrawals to a contract address he controls with a computationally intensive fallback function. If Alice has neglected to set a reasonable gas limit, she will pay transaction fees out of her hot wallet. Given enough transactions, Bob can drain Alice’s funds. If Alice fails to enforce Know Your Customer (KYC) policies, Bob can create numerous accounts to circumvent single-account withdrawal limits. In addition, if Bob also wants to make a profit, he can mint GasToken in his fallback function, and make money while causing Alice’s wallet to drain.”

According to the lead developer at Ethereum, exchanges affected by the vulnerability were notified privately on November 13th. Since it wasn’t possible to say which ones had no protections in place, the notifications were sent to as many exchanges as possible.

Level K also published further information and a complete overview of the threat as well as the actions taken to contain it – which can be seen on this link.

Share This With Your Friends

DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at editor@dcforecasts.com

Continue Reading
Comments
Advertisement

Blockchain News

New Privacy Mechanism For ETH Smart Contracts Developed By Stanford Researchers

Stanford University researchers are in our blockchain news today after partnering with VISA research to develop a privacy mechanism for ETH smart contracts according to a published paper on the university’s applied cryptography group website. The paper notes that the researches created a fully-decentralized mechanism that is confidentially called ‘’Zether’’. The developers developed a new smart contract that can be executed by other smart contracts or individually and at the same time is able to maintain the account balances encrypted. The authors of the paper claim that Zether transactions are confidential and one transaction costs about $1.51. Users will be able to lock funds in the account to the smart contract and according to the report:
 “We describe an extension to Zether that can also hide the sender and receiver involved in a transaction among a group of users chosen by the sender. Though the overhead associated with anonymity scales linearly with the size of the group, no trusted set-up is needed and no changes to the underlying smart contract platform are required.”
The report specifies that the Zether contract will never transfer funds without checking a transfer proof in order to prevent illegal transfers. This new design makes sure that the security of Zether depends on itself and not on third-parties or outside smart contracts. All of the privacy coins that provide users with a higher level of anonymity are still receiving mixed feelings from the community. For example, Charlie Lee declared he is focused on making Litecoin more fungible and private and to implement confidential transactions sometime in 2019.
`
Continue Reading

Ethereum News

Parity Manager Quits All Ethereum Projects After Controversial Tweet

The release manager at the blockchain-based Parity Technologies company, Afri Schoedon, reportedly quit all of the Ethereum projects after he tweeted something deemed controversial and caused outrage on social media so we are about to find out more about his tweet in our digital currency news below. Schoedon criticized Serenity (Ethereum 2.0), the final upgrade for the ETH network by saying:
 “Polkadot delivers what Serenity ought to be...”
Polkadot is a protocol created by Parity that aims to link different blockchains. Schoedon said that he will not work on ETH-projects anymore but will remain with Parity:
 “Polkadot is not a direct competitor to Ethereum and chains like Ethereum were always an integral part of the Polkadot vision. The focus of my tweet wasn’t Polkadot or competition, but Serenity, which is, in my eyes, rolled out too slowly, and I fear that it [won’t] matter anymore once we get there. People didn’t get that, and only I am to blame for not getting the message straight.”
He also said that he believes that the Ethereum community has to find some shared goals and values. After he published his tweet, users accused him of betrayal and of sabotaging Ethereum. However, he clarified:
"I did not quit social media, I quit Ethereum. I did not go dark, I just left the community. I am no longer coordinating hard forks, building testnets, or contributing otherwise. I did not work on Polkadot, I never did, I worked on Ethereum. I did not hate Ethereum, I loved it."
Despite his addressing, some people such as blockchain entrepreneur Andreas Kristof said that Schoedon was the only one, directly responsible for the delay of Serenity.
`
Continue Reading

Blockchain News

MyEtherWallet Is Releasing A Converting Crypto Platform Without KYC Requirements

MyEtherWallet crypto wallet partnered with the crypto finance company Bity to release a cryptocurrency converting platform to fiat currency without the Know Your Customer (KYC) requirements according to the announcements published in a blog post that reached our blockchain news today. According to the announcement, users of the MyEtherWallet are now able to exchange about 5,000 Swiss Francs worth of Ethereum and Bitcoin to euros without going through KYC requirements within the wallet. Users can make the exchanges no matter where in the world they are. The KYC requirements enable organizations to verify the identity of the customers. All of the businesses can assess whether their clients are conducting illegal activities. Customers that use the ‘’Exit-to-Fiat’’ option have to choose the digital and fiat currencies in the dashboard of the wallet and will later be asked to provide personal data such as bank account number, billing address, phone number etc. The anonymity of cryptocurrencies gets constantly linked with the government’s regulators illicit activities such as last month when the Cyberspace Administration of China introduced a new set of regulations for blockchain companies. The new regulations require for all of the blockchain startups to allow access for authorities to stored data and to implement procedures that require ID card or mobile phones from the users. Back in April 2018, Amazon Technologies received a patent for streaming data marketplace that enables the real-time tracking of all the cryptocurrency transactions but also allows for data information for all the users involved. This could eventually lead to deanonymization of the crypto transactions done with Bitcoin or Ethereum.
`
Continue Reading

Ethereum News

Ethereum (ETH) Pushes Above Key Moving Averages, Surging 37% This February

The second largest cryptocurrency by market capitalization, Ethereum (ETH), is in the cryptocurrency news for showing a positive increase of around 37% in February so far. Just like Bitcoin (BTC), ETH has managed to cross over a key long-term indicator along with the 100-period moving average which is a sign that a larger trend change could be in development. The price action peaked along with a strong area of support which turned resistance between the $140 and $149 mark shortly after the Monday trading session began. ETH has risen and closed above the 100-period moving average (MA) on the daily chart as a sign that price action is changing from bearish to bullish. The relative strength index (RSI), on the other hand, has reinforced the notion of the higher lows after a break from the 12-month lower low market structure was seen. If the direction of this trend is to be sustained, the new target for the bulls in the short-term would rest along January 5th's peak high of $160.62 which was previously rejected by the 200-day moving average. ETH/BTC is now strong and the ERC-20 tokens which mimic Ethereum's rise and are part of its ecosystem such as Maker (MKR) and Binance (BNB) are surging as well - currently up by 70% and 61.88% this month, respectively.
`
Continue Reading

Newsletter

For Updates & Exclusive Offers
enter your email below








ADVERTISEMENT

Join us on Facebook

Recent Posts

ADVERTISEMENT



UPCOMING EVENTS RECOMMEND BY DC FORECASTS

march

No Events

NEWS CATEGORIES

ADVERTISEMENT



Trending Worldwide

X
X