A bug focused on the Ethereum-based GasToken, which has made it possible for malicious parties to commit certain abuses against crypto exchanges, has been addressed.
The bug has enabled hackers to drive crypto exchanges to pay astronomical fees. As of press time, it is still, however, uncertain which exchanges do not have the necessary security measures to avert the problem from intensifying. The hackers may still possibly use the bug to gain profits.
A group of crypto researchers has detected the problem. Subsequently, they have sent “private messages” to “as many digital exchanges as possible.” These platforms eventually imposed the much-needed security actions to disrupt the bug and stop the threat.
The researchers have also discovered that many exchanges have not implemented the proper limits on GasToken usage and that it is possible to send numerous tokens to random addresses. Once a transaction is completed, the hackers may then force exchanges to pay exorbitant fees for ongoing computation an eventually drain the exchanges’ reserves. At the same time, these malicious players can also mint (the process of creating new coins for profit) new GasTokens if they choose to do so.
Hackers can also impose high fees on random accounts. Fortunately, not all exchanges are susceptible to the bug since only exchanges involved in Ethereum-based transactions are reportedly targeted.
The exchanges have been later narrowed down to those who initiated such transactions and not those that processed them, which further trimmed down the number of platforms affected. For instance, decentralized exchanges that use smart contracts to process funds are not vulnerable to such attacks.
Researchers immediately advised those that are vulnerable to the attack to put in place “reasonable gas limits on all transactions” when they discovered it in October. Said exchanges had already employed the appropriate defenses, by the time of writing.