LIVE
Fintech Revolution Summit Malaysia 2026 Opens Sponsorship, Speaking, and Exhibition OpportunitiesBitcoin Retests $60K as Exchange Inflows SurgeBNB Chain Surpasses 13.5 Billion Transactions, Report SaysTrump Defends $1.4B Crypto Windfall, Says Nothing Was IllegalBitcoin Fear & Greed Index Falls to 19 in Extreme FearOndo Finance Tokenizes BlackRock's IVV ETF and Micron Shares on EthereumBinance Receives Approval to Offer Crypto Services in the PhilippinesStandard Chartered and Circle Launch USDC Mint and Redemption Service for Eligible ClientsSolana Foundation launches Governance Proposals for stake-weighted on-chain votingMetaplanet Buys 2,823 BTC, Total Holdings Reach 43,000 BTCFintech Revolution Summit Malaysia 2026 Opens Sponsorship, Speaking, and Exhibition OpportunitiesBitcoin Retests $60K as Exchange Inflows SurgeBNB Chain Surpasses 13.5 Billion Transactions, Report SaysTrump Defends $1.4B Crypto Windfall, Says Nothing Was IllegalBitcoin Fear & Greed Index Falls to 19 in Extreme FearOndo Finance Tokenizes BlackRock's IVV ETF and Micron Shares on EthereumBinance Receives Approval to Offer Crypto Services in the PhilippinesStandard Chartered and Circle Launch USDC Mint and Redemption Service for Eligible ClientsSolana Foundation launches Governance Proposals for stake-weighted on-chain votingMetaplanet Buys 2,823 BTC, Total Holdings Reach 43,000 BTC
Homepage/Altcoin News/Minting Attack: Critical Vulnerability Found in Ethereum Framework
ALTCOIN NEWSETHEREUM

Minting Attack: Critical Vulnerability Found in Ethereum Framework

BY Solomon M.·2 MIN READ·NOVEMBER 22, 2018

Level K, a smart contract and decentralized application development company, has discovered a critical security weakness in the Ethereum blockchain. The vulnerability would have allowed an attacker to reward himself large amounts of GasToken when receiving Ethereum’s native cryptocurrency ETH. It is still not clear how many exchanges have been possibly affected by the bug. Also, there is no report that hackers have successfully exploited the weakness to mint GasToken.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
2External source domains cited in the article
2 minEstimated time to read the full report

According to a Medium post published Nov. 21; many exchanges have been notified privately about the vulnerability. The disclosure urged all the parties to review their logs to determine whether they have been affected by this attack. The disclosure reads in part:

“Many exchanges allow the withdrawal of Ethereum to arbitrary addresses with no gas usage limit. Since sending Ethereum to a contract address executes its fallback function, attackers can make these exchanges pay for arbitrary computation. This allows attackers to force exchanges to burn their own Ethereum on high transaction costs. Attackers may even benefit financially by mining TokenGas.”

As per the report, an address can carry out arbitrary computations at the cost of the person who initiated the transaction, when ETH is sent to that address. Therefore, it would be possible for such an attack to become profitable for the dishonest party.

The disclosure also stated that this bug doesn’t affect exchanges that process Ethereum transactions. Only those who initiate Ethereum transactions are affected.

The researchers discovered the security vulnerability last month. They immediately notified the founders of GasToken, and several parties that could have been attacked by it.

The discovery of this vulnerability is a clear sign the blockchain is not as safe as people think. Early this year, a group unearthed a security weakness in crypto exchange Coinbase, which allowed bad actors to steal unlimited amount of ETH.

You can read the full report here.

 

SOURCE TRANSPARENCY
  • External Source - Referenced domain: medium.com
  • External Source - Referenced domain: drive.google.com
  • Byline - Reported by Solomon M.
  • Coverage Desk - Primary editorial category: Altcoin News
  • Media Asset - Featured image served from the WordPress media library