LIVE
Taiwan Legislature Approves Crypto Law Establishing Regulatory FrameworkTrump Reportedly Holds Over $50M in Bitcoin in Cold WalletVisa, Stripe, Coinbase and BlackRock Back Open USD StablecoinSpot Bitcoin ETFs Face Worst Monthly Outflows Since LaunchNasdaq Brings Flagship Equity Data Onchain Via Pyth NetworkCrypto Firms Spend $189M on 2026 Midterms, Top 2024 TotalSharpLink Purchases 10,000 ETH Worth $16.1 MillionBitcoin Core Releases v31.1rc1 for Public TestingU.S. Spot Bitcoin ETFs See $231M in Outflows as Losing Streak Hits 8 DaysJPMorgan Expands Kinexys to Eight Currencies With AUD, HKD, JPY, CNY and SGDTaiwan Legislature Approves Crypto Law Establishing Regulatory FrameworkTrump Reportedly Holds Over $50M in Bitcoin in Cold WalletVisa, Stripe, Coinbase and BlackRock Back Open USD StablecoinSpot Bitcoin ETFs Face Worst Monthly Outflows Since LaunchNasdaq Brings Flagship Equity Data Onchain Via Pyth NetworkCrypto Firms Spend $189M on 2026 Midterms, Top 2024 TotalSharpLink Purchases 10,000 ETH Worth $16.1 MillionBitcoin Core Releases v31.1rc1 for Public TestingU.S. Spot Bitcoin ETFs See $231M in Outflows as Losing Streak Hits 8 DaysJPMorgan Expands Kinexys to Eight Currencies With AUD, HKD, JPY, CNY and SGD
Homepage/Altcoin News/Minting Attack: Critical Vulnerability Found in Ethereum Framework
ALTCOIN NEWSETHEREUM

Minting Attack: Critical Vulnerability Found in Ethereum Framework

BY Solomon M.·2 MIN READ·NOVEMBER 22, 2018

Level K, a smart contract and decentralized application development company, has discovered a critical security weakness in the Ethereum blockchain. The vulnerability would have allowed an attacker to reward himself large amounts of GasToken when receiving Ethereum’s native cryptocurrency ETH. It is still not clear how many exchanges have been possibly affected by the bug. Also, there is no report that hackers have successfully exploited the weakness to mint GasToken.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
2External source domains cited in the article
2 minEstimated time to read the full report

According to a Medium post published Nov. 21; many exchanges have been notified privately about the vulnerability. The disclosure urged all the parties to review their logs to determine whether they have been affected by this attack. The disclosure reads in part:

“Many exchanges allow the withdrawal of Ethereum to arbitrary addresses with no gas usage limit. Since sending Ethereum to a contract address executes its fallback function, attackers can make these exchanges pay for arbitrary computation. This allows attackers to force exchanges to burn their own Ethereum on high transaction costs. Attackers may even benefit financially by mining TokenGas.”

As per the report, an address can carry out arbitrary computations at the cost of the person who initiated the transaction, when ETH is sent to that address. Therefore, it would be possible for such an attack to become profitable for the dishonest party.

The disclosure also stated that this bug doesn’t affect exchanges that process Ethereum transactions. Only those who initiate Ethereum transactions are affected.

The researchers discovered the security vulnerability last month. They immediately notified the founders of GasToken, and several parties that could have been attacked by it.

The discovery of this vulnerability is a clear sign the blockchain is not as safe as people think. Early this year, a group unearthed a security weakness in crypto exchange Coinbase, which allowed bad actors to steal unlimited amount of ETH.

You can read the full report here.

 

SOURCE TRANSPARENCY
  • External Source - Referenced domain: medium.com
  • External Source - Referenced domain: drive.google.com
  • Byline - Reported by Solomon M.
  • Coverage Desk - Primary editorial category: Altcoin News
  • Media Asset - Featured image served from the WordPress media library