$6,007,468,725,166,940,000,000,000,000,000,000,000,000,000,000,000,000,000,000

[seoincorporation]

That's the amount a hacker generate multiple times with this kind of transactions...

https://etherscan.io/tx/0x1abab4c8db9a30e703114528e31dee129a3a758f7f8abc3b6494aad3d304e43f

So, it's time to talk about the CVE-2018–10299

As we can see in the article: https://medium.com/coinmonks/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536 there was a batchOverflow Bug in Multiple ERC20 Smart Contracts

The vulnerable function is located in batchTransfer and the code is shown in Figure 2. As indicated in line 257, the amount local variable is calculated as the product of cnt and _value. The second parameter, i.e., _value, can be an arbitrary 256 bits integer, say 0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000(63 0’s). By having two _receivers passed into batchTransfer(), with that extremely large _value, we can overflow amount and make it zero. With amount zeroed, an attacker can then pass the sanity checks in lines 258–259 and make the subtraction in line 261 irrelevant. Finally, here comes the interesting part: as shown in lines 262–265, the balance of the two receivers would be added by the extremely large _value without costing a dime in the the attacker’s pocket!

Personally i think ETH lose respect since DAO, and now it proves again how risk is to deal with smart contracts... The problem about them is the smart hackers 

So, i want to know what people think about this issue and the monumental amount of money made from nowhere.

[1715476002]

1715476002

[1715476002]

1715476002

[aleksej996]

Ethereum was always really buggy.
It was the only altcoin that I looked into seriously, but after having bugs when I installed a full node client, I saw that the code is not as stable and secure as Bitcoin Core. I never looked back on it since. There were a lot of security vulnerabilities discovered since then, so I never considered looking into it again.

I guess if that technology was really secure and well-tested it would have been added to Bitcoin.
I really don't have high hopes for that coin. I am sure it will be quite successful compared to others, since altcoin market is generally weak, but it will never rival Bitcoin in security and technology.

[odolvlobo]

Ethereum was always really buggy.

This is not a bug in Ethereum.

[btcdevil]

So it means that the hackers are transacting this much value of tokens through ERC20 token. But how can they sell it if their is no market value for the token in  any exchange.

[aleksej996]

Ethereum was always really buggy.

This is not a bug in Ethereum.

Still really buggy code though. Compared to Bitcoin at least.

[seoincorporation]

Still really buggy code though. Compared to Bitcoin at least.

Yep, the blockchain technology is kind of intrinsicate enough, and with the introduction of the smart contracts, they have make it even more difficult to manage. Besides, somehow I feel they are unnecessary, for the blockchain tech is amazing and enough.
Of course, the smart contracs have been showing some buggy problems since its very beggining. I think he have to wait longer and maybe the developers will reach the point of complete accurance in the code. But, for the moment, to me, they are not in a good place.

[Slava79]

I think the smart contracts  area is where pure functional approach to programming could shine.

Solidity encourages mutable state and it is harder to cover with tests than if it would be implemented as pure functions with immutable data structures.

I don't think that would be a silver bullet, but definitely make testing easier and development less error prone.

[nikodavv]

The main danger of modern technology like a blockchain, Internet of Things is a high risk to be attacked by hackers. Nowadays it is very young technolygy and it has bugs, which hackers can use for breaking. I am sure that the way ot this technology will be evolve, but be careful and keep your secret information in the drivers without internet connection