Attackers send fake transactions to crypto exchanges, which platforms mistakenly identify as legitimate deposits and credit funds to the account. This type of attack was uncovered by SlowMist experts.
According to them, the task of hackers is to exploit bugs and system errors in exchange mechanisms for processing deposit transactions.
Since 2018, SlowMist experts have discovered several types of such attacks. Among them:
- the transaction appears in the mempool, but is never included in the block due to its replacement by the attacker;
- the operation gets into the block, but is not executed due to the specified obviously incorrect logic parameter;
- translation is counted multiple times (double spending);
- network fork, when the block and transactions in it are invalidated;
- translation review.
The attackers used the last method with TON tokens, using the properties of the blockchain, experts gave an example. Almost all internal messages between smart contracts on this network should be “rejectable”. As a result, hackers, making a transaction to an account without a contract and setting the “return” option, receive their funds back minus commissions. At the same time, the exchange manages to credit them with the withdrawn transfer, SlowMist indicated.
To protect against attacks through fake deposits, the firm’s specialists recommended a number of measures to trading platforms, such as:
- implementation of the mechanism of multiple confirmations;
- strict matching of transactions;
- creating a risk control system;
- manual verification of large transfers;
- time limits on the withdrawal of deposited funds.
Source: Cryptocurrency
I am an experienced journalist and writer with a career in the news industry. My focus is on covering Top News stories for World Stock Market, where I provide comprehensive analysis and commentary on markets around the world. I have expertise in writing both long-form articles and shorter pieces that deliver timely, relevant updates to readers.
