Protecting Crypto Exchanges from Fake Deposit Attacks: SlowMist Unveils Vulnerabilities and Prevention Measures
Home » today » Business » Protecting Crypto Exchanges from Fake Deposit Attacks: SlowMist Unveils Vulnerabilities and Prevention Measures

Protecting Crypto Exchanges from Fake Deposit Attacks: SlowMist Unveils Vulnerabilities and Prevention Measures

by

Attackers send fake transactions to crypto exchanges, which platforms mistakenly identify as legitimate deposits and credit funds to the account. This type of attack was uncovered by SlowMist experts.

Data: X.

“It should be noted that fake deposit attacks are not blockchain vulnerabilities. Instead, attackers use certain characteristics of networks to create special transactions, ”the experts noted.

According to them, the task of hackers is to exploit bugs and system errors in exchange mechanisms for processing deposit transactions.

Since 2018, SlowMist experts have discovered several types of such attacks. Among them:

the transaction appears in the mempool, but is never included in the block due to its replacement by the attacker; the operation gets into the block, but is not executed due to the specified obviously incorrect logic parameter; the transfer is counted several times (double spending); network fork, when the block and transactions in it are invalidated; translation review.

The attackers used the last method with TON tokens, using the properties of the blockchain, experts gave an example. Almost all internal messages between smart contracts on this network should be “rejectable”. As a result, hackers, making a transaction to an account without a contract and setting the “return” option, receive their funds back minus commissions. At the same time, the exchange manages to credit them with the withdrawn transfer, SlowMist indicated.

To protect against attacks through fake deposits, the firm’s specialists recommended a number of measures to trading platforms, such as:

implementation of the mechanism of multiple confirmations; strict matching of transactions; creating a risk control system; manual verification of large transfers; time limits on the withdrawal of deposited funds.

Recall that in July, the company’s experts reported the discovery in the App Store of a phishing program aimed at stealing user data and cryptocurrencies.

Subscribe to ForkLog on social networks

Found a mistake in the text? Select it and press CTRL+ENTER

ForkLog Newsletters: Keep your finger on the pulse of the bitcoin industry!


2023-07-28 09:25:55
#SlowMist #discovered #type #attack #bitcoin #exchanges #ForkLog

Related posts:

Welfare Recipients in Kiryu City Accused of Violating Constitution: Lawsuit Demands Damages
Echo24.cz: CNB's Mandate Fulfilled by Prioritizing Company Protection Over Household Savings
Know who blocked you on the WhatsApp application through this method
"Money Matters on Self-Representation Day 2023 for Disabled Professionals"
Lamborghini’s Revuelto: The Latest Hypercar Generating Massive Demand

Lamborghini’s Revuelto: The Latest Hypercar Generating Massive Demand

Death Toll Rises to 27 in Philippine Ferry Capsize

Death Toll Rises to 27 in Philippine Ferry Capsize

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.