OKEx – a well-liked digital asset buying and selling platform which supplies fiat-to-cryptocurrency, cryptocurrency-to-cryptocurrency, and derivatives buying and selling providers – has suspended the deposit of all ERC-20 tokens after discovering a sensible contract bug. Pending deposits are reportedly protected, nonetheless.
The bug in query purportedly permits attackers to extra simply manipulate value on the platform. Due to this fact, to guard market integrity on the platform, OKEx has stopped the circulation of incoming ERC-20 tokens. In an official weblog submit, the corporate introduced:
We’re suspending the deposits of all ERC-20 tokens because of the discovery of a brand new good contract bug – “BatchOverFlow”. By exploiting the bug, attackers can generate a particularly great amount of tokens, and deposit them into a standard deal with. This makes lots of the ERC-20 tokens susceptible to cost manipulations of the attackers.
To guard public curiosity, we now have determined to droop the deposits of all ERC-20 tokens till the bug is mounted. Additionally, we now have contacted the affected token groups to conduct investigation and take crucial measures to stop the assault.
When you’ve got already made a deposit request on the platform, OKEx has assured customers that their tokens are protected and sound:
When you’ve got already made a deposit request, your funds will arrive safely after our deposit service resumed. We apologize for any inconvenience brought about.
Changelly, one other common cryptocurrency buying and selling service, has additionally suspended ERC20 token buying and selling in response to the information of the exploit.
Expensive Clients, ERC20 tokens are briefly unavailable on account of an exploit examine. We’ll convey them again, as soon as we’re certain there is no such thing as a vulnerability in deposits acquired. Observe the updates! https://t.co/qYutri4X3X
— Changelly.com (@Changelly_team) April 25, 2018
Not so “Sensible”
The exploit was apparently found on April 22, when Coinmonks wrote that their “system raised an alarm which is said to an uncommon BEC token transaction.” The authors additional famous: