Attackers send fake transactions to crypto exchanges, which platforms mistakenly identify as legitimate deposits and credit funds to the account. This type of attack was uncovered by SlowMist experts.
Data: X.
“It should be noted that fake deposit attacks are not blockchain vulnerabilities. Instead, attackers use certain characteristics of networks to create special transactions, ”the experts noted.
According to them, the task of hackers is to exploit bugs and system errors in exchange mechanisms for processing deposit transactions.
Since 2018, SlowMist experts have discovered several types of such attacks. Among them:
the transaction appears in the mempool, but is never included in the block due to its replacement by the attacker; the operation gets into the block, but is not executed due to the specified obviously incorrect logic parameter; the transfer is counted several times (double spending); network fork, when the block and transactions in it are invalidated; translation review.
The attackers used the last method with TON tokens, using the properties of the blockchain, experts gave an example. Almost all internal messages between smart contracts on this network should be “rejectable”. As a result, hackers, making a transaction to an account without a contract and setting the “return” option, receive their funds back minus commissions. At the same time, the exchange manages to credit them with the withdrawn transfer, SlowMist indicated.
To protect against attacks through fake deposits, the firm’s specialists recommended a number of measures to trading platforms, such as:
implementation of the mechanism of multiple confirmations; strict matching of transactions; creating a risk control system; manual verification of large transfers; time limits on the withdrawal of deposited funds.
Recall that in July, the company’s experts reported the discovery in the App Store of a phishing program aimed at stealing user data and cryptocurrencies.
Subscribe to ForkLog on social networks
Found a mistake in the text? Select it and press CTRL+ENTER
ForkLog Newsletters: Keep your finger on the pulse of the bitcoin industry!
2023-07-28 09:25:55
#SlowMist #discovered #type #attack #bitcoin #exchanges #ForkLog