Hackers flood ‘decentralized’ cryptocurrency exchange with 1 billion fake EOS
Hackers reportedly created 1 billion fake EOS tokens to rob a decentralised crypto exchange. After flooding the platform with the fake EOS, the thieves managed to steal around $58,000 worth of cryptocurrency directly from its users.
According to a report by The Next Web, the hackers created a new EOS-based token and, ironically, named it “EOS” as well. It was then used to illegitimately purchase BLACK, IQ, and ADD tokens from the exchange service Newdex. “EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens,” Newdex wrote in a statement.
Newdex further added, “After testing the feasibility of the attack, the account began to place large [buy orders]. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”
The hackers traded the tokens for real cryptocurrency. Later, Newdex revealed that the thieves managed to siphon around 4,028 real EOS tokens (worth around $20,000) to cryptocurrency exchange desk Bitfinex. Ultimately, the users of the Newdex dApp suffered losses of around $58,000. The team reportedly apologised for the mishap, but made no announcement about compensating the affected users.
Why & how did such an incident take place?
The vulnerability possibly comes down to two things. First, anyone can use EOS to create a token and name it anything; all one needs is an EOS account. Second, the ‘decentralised’ exchange, Newdex, doesn’t use smart contracts, so there is practically nothing to verify the authenticity of the tokens flooding into it.
This may have happened because the developers might be using the hype created around decentralized exchanges (DEX) by appearing to be one of them. In reality, however, a single user account may be handling all the trades while pretending to be an exchange. The community had even pointed this out a few days before the attack. A Redditor posted, “…They deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it.”
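Because a token's name says nothing about who issued it, a service that credits deposits has to check the issuing contract account as well as the symbol. The following is an added example, not code from Newdex or from the report: it assumes a simplified transfer record shape and that `eosio.token` is the contract issuing genuine EOS, and its sample transfers are constructed (`fakeissuer11` and `alice1111111` are hypothetical accounts).

```python
from decimal import Decimal

# Allow-list: (token contract account, symbol) -> required decimal precision.
# Assumption: genuine EOS is issued by the eosio.token system contract, 4 decimals.
TRUSTED_ASSETS = {("eosio.token", "EOS"): 4}
EXCHANGE_ACCOUNT = "newdexpocket"  # deposit account named in the article


def parse_quantity(quantity):
    """Split an asset string such as '10.0000 EOS' into amount, precision, symbol."""
    amount_text, symbol = quantity.split(" ")
    precision = len(amount_text.split(".")[1]) if "." in amount_text else 0
    return Decimal(amount_text), precision, symbol


def classify_deposit(action):
    """Return (accepted, reason) for one transfer action (simplified record shape)."""
    data = action.get("data", {})
    if action.get("name") != "transfer" or data.get("to") != EXCHANGE_ACCOUNT:
        return False, "not a transfer to the exchange"
    try:
        amount, precision, symbol = parse_quantity(data.get("quantity", ""))
    except (ValueError, ArithmeticError):
        return False, "malformed quantity"
    # The symbol alone proves nothing: any account can issue a token called EOS.
    expected = TRUSTED_ASSETS.get((action.get("account"), symbol))
    if expected is None:
        return False, f"untrusted issuer {action.get('account')} for {symbol}"
    if precision != expected or amount <= 0:
        return False, "bad precision or amount"
    return True, "ok"


# Constructed sample transfers; 'fakeissuer11' and 'alice1111111' are hypothetical.
SAMPLE_ACTIONS = [
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice1111111", "to": "newdexpocket", "quantity": "10.0000 EOS"}},
    {"account": "fakeissuer11", "name": "transfer",
     "data": {"from": "fakeissuer11", "to": "newdexpocket", "quantity": "10.0000 EOS"}},
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice1111111", "to": "newdexpocket", "quantity": "10.00 EOS"}},
]

if __name__ == "__main__":
    for act in SAMPLE_ACTIONS:
        print(act["account"], act["data"]["quantity"], classify_deposit(act))
```

The second sample carries the same quantity string as the first and is rejected only because of the contract account it came from, which is the one field a look-alike token cannot forge.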