Author

Topic: DELETE (Read 216 times)

jr. member
Activity: 41
Merit: 793
inactive
April 28, 2018, 04:18:05 AM
#21
Updates:

Changelly.com

Quote
ERC20 tokens are back! Feel free to exchange them in an instant

https://twitter.com/Changelly_team/status/989498040129130496


Anyone knows something about OKEx?


Best regards,
Nestade
jr. member
Activity: 41
Merit: 793
inactive
April 26, 2018, 07:02:53 AM
#19
Very good that it's finally been fixed, a day's worth of trading lost isn't some minor issue IMO.
Makes you wonder how many other bugs are still undiscovered, if one as severe as this one could still slip through.

I definitely wouldn't mind if ETH got some serious competition in the future, in this case competition is definitely a good thing, as it keeps innovation and security a top priority.

Well, the vulnerability is still not fixed - exchanges just restarted trading.
jr. member
Activity: 41
Merit: 793
inactive
April 26, 2018, 06:28:58 AM
#17
Updates:

HitBTC:

Quote
Dear traders, the ERC20 deposits are back online. The transfers are still disabled for an inspection. The transfers will be getting online in accordance with the results of the inspection. Please refer to the System Health page (https://hitbtc.com/system-health ) for status.

https://twitter.com/hitbtc/status/989166650602721280



QUOINEX:

Quote
Dear QUOINERS,

We are pleased to announce that all trading, deposits and withdrawals are now online. We have done a thorough analysis of all the ERC-20 coins and tokens we list and have concluded that there is no risk from the BatchOverflow bug.

We thank you for your patience.

https://twitter.com/QUOINE_SG/status/989443133778857985



Poloniex:

Quote
Deposits and withdrawals for ERC-20 tokens have now been re-enabled.

https://twitter.com/Poloniex/status/989158011901042689



No news about Changelly.com and OKEx.


Best Regards,
Nestade
sr. member
Activity: 560
Merit: 273
April 26, 2018, 07:20:25 AM
#16
Very good that it's finally been fixed, a day's worth of trading lost isn't some minor issue IMO.
Makes you wonder how many other bugs are still undiscovered, if one as severe as this one could still slip through.

I definitely wouldn't mind if ETH got some serious competition in the future, in this case competition is definitely a good thing, as it keeps innovation and security a top priority.

Well, the vulnerability is still not fixed - exchanges just restarted trading.

Well, exchanges’ response to halt trade, deposit and withdrawal of ALL ERC20 tokens seems a bit rushed, if you ask me. There’s nothing fundamentally wrong with Ethereum or most ERC20 tokens. The "bug" called an integer overflow is well known and common in many programming languages, not just Solidity. Any developers of some worth should know about this issue and correctly use a SafeMath library to catch overflows, thus preventing them from impacting the logic of the smart contract.
legendary
Activity: 1792
Merit: 1283
April 26, 2018, 06:38:28 AM
#15
Very good that it's finally been fixed, a day's worth of trading lost isn't some minor issue IMO.
Makes you wonder how many other bugs are still undiscovered, if one as severe as this one could still slip through.

I definitely wouldn't mind if ETH got some serious competition in the future, in this case competition is definitely a good thing, as it keeps innovation and security a top priority.
sr. member
Activity: 560
Merit: 273
April 26, 2018, 01:47:05 AM
#14
If I'm getting this right, not many tokens are affected by this bug. Developers of these tokens will probably need to make a changes in a smart contract and do a token swap.
Makes me wonder if there is a list of tokens that contains this problematic function somewhere?
member
Activity: 151
Merit: 10
April 25, 2018, 10:16:54 PM
#13
I do not know about this, after I got email from qryptos and see some groups turned out this is true, this is bad news for Ethereum. I think having a smart contract platform is the best solution. there are still serious problems in it. hopefully the ethereum development team can fix this problem immediately, so as not to lose confidence for traders and investors.
I hope to recover quickly, I believe in the strength of the technicians, but also hope that they will be able to guard against some possible vulnerabilities and know that the impact of these problems on the ETH is a little big.
full member
Activity: 588
Merit: 106
April 25, 2018, 06:04:23 PM
#12
I do not know about this, after I got email from qryptos and see some groups turned out this is true, this is bad news for Ethereum. I think having a smart contract platform is the best solution. there are still serious problems in it. hopefully the ethereum development team can fix this problem immediately, so as not to lose confidence for traders and investors.
full member
Activity: 378
Merit: 101
April 25, 2018, 05:25:45 PM
#11
Good article, crazy that such a tiny function can be overlooked. This is the problem when all the developers are split over thousands of different projects instead of focusing on a core set of modules that are universally used.
hero member
Activity: 2436
Merit: 503
Cryptocasino.com
April 25, 2018, 05:21:53 PM
#10
No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.

Well, I'm sure NEO also has enough unknown vulnerabilities just like ETH (and its ERC20 Smart Contracts) - but yes, would be nice if NEO would rise a little bit Smiley
The MyEtherWallet-'Hack' was done trough DNS-hijacking - could happen to every website.
But It has not yet discovered, Better now than later. I guess there is no perfect code but just the vulnerabilities are still not yet discovered by someone just like parity. None of them have know about that but one of parity user was activating the unknown vulnerability and it self destruct the contract.
member
Activity: 234
Merit: 10
April 25, 2018, 05:20:16 PM
#9
Well i am trading on HitBTC and it is not solved yet, any ideas of why they are still halting movements from trading balance to main balance? This is really bothering myself, i am a little bit scared about it..
Hmmm I didn't know that. But looks like it can be fixed easily. Nice response by the exchanges.
I hope we see it esolved soon.
full member
Activity: 308
Merit: 100
The Operating System for DAOs
April 25, 2018, 05:17:48 PM
#8
Looks like multiple exchanges stopped ERC20-token deposits/withdrawals temporarily due to a exploitable bug in multiple ERC20 contracts.


I found this interesting article about the vulnerability including proof of concept:
https://medium.com/coinmonks/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536



CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10299




OKEx:

Quote
Dear valued customers,

We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug - "BatchOverFlow". By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.

To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.

If you have already made a deposit request, your funds will arrive safely after our deposit service resumed. We apologize for any inconvenience caused.

Regards,
OKEx
Apr 25, 2018

https://support.okex.com/hc/en-us/articles/360003019292


Poloniex: (re-enabled)

Quote
We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!

2:46 PM - 25 Apr 2018

https://twitter.com/Poloniex/status/989123551788785666


HitBTC: (partially re-enabled)

Quote
Due to a potential issue detected in ERC20 smart contracts, we initiated an internal inspection. All deposits and transfers on ERC20 tokens will be getting online in accordance with the results of the inspection. Please refer to the System Health page for online status.

https://twitter.com/hitbtc/status/989121599877066753


Changelly.com:

Quote
Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates!

https://twitter.com/Changelly_team/status/989083263317762049


QUOINEX:

Quote
As a precautionary measure, we are suspending trading/deposits of erc20 tokens along with a suspension of withdrawals (fiat/crypto) on QRYPTOS/QUOINEX in response to the discovery of the BatchOverFlow bug. We will resume normal business when we are certain there are no risks.

https://twitter.com/QUOINE_SG/status/989168290646937605

If I'm not wrong then everything is fine. At least Poloniex has already started working with tokens ERC-20
@PoloniexAnnouncementsbot
Deposits and withdrawals for ERC-20 tokens have now been re-enabled.
jr. member
Activity: 151
Merit: 3
THE ONE STOP SOLUTION FOR THE CRYPTO WORLD
April 25, 2018, 05:14:18 PM
#7
Looks like multiple exchanges stopped ERC20-token deposits/withdrawals temporarily due to a exploitable bug in multiple ERC20 contracts.


I found this interesting article about the vulnerability including proof of concept:
https://medium.com/coinmonks/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536



CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10299




OKEx:

Quote
Dear valued customers,

We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug - "BatchOverFlow". By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.

To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.

If you have already made a deposit request, your funds will arrive safely after our deposit service resumed. We apologize for any inconvenience caused.

Regards,
OKEx
Apr 25, 2018

https://support.okex.com/hc/en-us/articles/360003019292


Poloniex: (re-enabled)

Quote
We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!

2:46 PM - 25 Apr 2018

https://twitter.com/Poloniex/status/989123551788785666


HitBTC: (partially re-enabled)

Quote
Due to a potential issue detected in ERC20 smart contracts, we initiated an internal inspection. All deposits and transfers on ERC20 tokens will be getting online in accordance with the results of the inspection. Please refer to the System Health page for online status.

https://twitter.com/hitbtc/status/989121599877066753


Changelly.com:

Quote
Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates!

https://twitter.com/Changelly_team/status/989083263317762049


QUOINEX:

Quote
As a precautionary measure, we are suspending trading/deposits of erc20 tokens along with a suspension of withdrawals (fiat/crypto) on QRYPTOS/QUOINEX in response to the discovery of the BatchOverFlow bug. We will resume normal business when we are certain there are no risks.

https://twitter.com/QUOINE_SG/status/989168290646937605



This is terrible but good thing it was easy and quickly discovered. Code is taking over.  I just hope we don't advance to a d
Stage where human lives will be dependent on codes. But seems we are already there yet.
Good work exchanges
member
Activity: 67
Merit: 10
April 25, 2018, 05:07:10 PM
#6
Hmmm I didn't know that. But looks like it can be fixed easily. Nice response by the exchanges.
I hope we see it esolved soon.
full member
Activity: 168
Merit: 100
April 25, 2018, 04:54:18 PM
#5
No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.

That is totally false, NEO is super complicated to use, and neo tokens are more than difficult to use, specially for a newbie (the security is not enough compared to ERC20)

But yes, Ethereum has a lot of issues anyway
jr. member
Activity: 156
Merit: 1
April 25, 2018, 04:49:25 PM
#4
And Qryptos Exchanger also disable ERC20 Deposit and withdraw option and even they disbale trading ! I think this is great decision that Many good exchangers are trying to stop scam people because of recent Mew Attack! The worst thing in the crypto market is Hack, Scam. Hope it will fix very soon. Thanks for the update.
full member
Activity: 630
Merit: 100
April 25, 2018, 04:34:19 PM
#3
No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.
full member
Activity: 345
Merit: 114
April 25, 2018, 04:30:40 PM
#2
Wow, i dont even know how to code and this guy can make gazilion copy of existing token out of thin air, better get that bug fixed before any other token that have price get copied and that person start laundering his token in exchanger.
jr. member
Activity: 41
Merit: 793
inactive
April 25, 2018, 04:17:34 PM
#1
DELETE
Jump to: