Today the Hong Kong stock exchange OKEx (world’s third largest trading platform by trading volume) has frozen all consumer deposits of tokens of the standard ERC-20. The reason for this was the discovery by developers of “new bug smart contracts”.
In its corporate blog OKEx confirmed that the vulnerability is called BatchOverFlow revealed to cyber criminals access to the “generation of a large number of tokens” with further deposition at the normal address.
“As a result, many tokens of the standard ERC-20 was under the threat of manipulation by fraudsters. In the interests of consumer protection, we freeze all deposits in tokens ERC-20 until, until the bug is fixed”, — said in a statement OKEx.
Technical office of the exchange has already contacted the “creators of the affected assets for investigation and action to prevent the attack.” Portion of consumer deposits, which had to be withdrawn, will be refunded as soon as the situation normalizes again.
At the time of this writing, OKEx not provide any explanation or theories about who is behind the introduction exploit. Some sources have attributed the vulnerability to yesterday’s attack on a DNS server MyEtherWallet, which was stolen 216 ETH ($152 000). However, the developers repeatedly denied this version.
This is not the first case when the stock exchange have to violate the normal order of work due to incidents. At the end of March OKEx had to do a “rollback” trades due to the fall in futures. Earlier the stock exchange was also accused of failing to confront the scammers.
