Experts from application developer for ethereum network, Level K, found a vulnerability in ethereum protocol that was affecting a lot of different cryptocurrency exchanges, according to the report that was posted in an official company’s twitter account.
The disclosure is now public: https://t.co/xVwsG9EBET We appreciate the patience while affected parties were notified.
— Level K (@levelk_io) November 21, 2018
It was also stated that the bug was allowing hackers to receive new coins from the air. Thus, When ETH is sent to an address, that address is able to perform arbitrary computations paid for by the originator of the transaction. This is a known vector for griefing. However, in some cases, at-risk systems such as exchanges did not put proper protections in place.
GasToken, which takes advantage of the refund mechanism on storage in ethereum, allows users to store gas when the gas price is low and receive a gas refund when the gas price is high. By minting large amounts of GasToken when receiving ETH, the griefing vector mentioned above can now be a profitable attack.
The document describing the problems states that the information was disclosed in private because at that time it was not yet known which exchanges implemented the necessary precautions. According to Level K, the vulnerability was eliminated by all trading platforms that received the notification.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.