DELETE

[Nestade]

DELETE

[allanr]

Wow, i dont even know how to code and this guy can make gazilion copy of existing token out of thin air, better get that bug fixed before any other token that have price get copied and that person start laundering his token in exchanger.

[KryptoKai]

No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.

[iqbalrozi]

And Qryptos Exchanger also disable ERC20 Deposit and withdraw option and even they disbale trading ! I think this is great decision that Many good exchangers are trying to stop scam people because of recent Mew Attack! The worst thing in the crypto market is Hack, Scam. Hope it will fix very soon. Thanks for the update.

[Omega0255]

No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.

That is totally false, NEO is super complicated to use, and neo tokens are more than difficult to use, specially for a newbie (the security is not enough compared to ERC20)

But yes, Ethereum has a lot of issues anyway

[Numir]

Hmmm I didn't know that. But looks like it can be fixed easily. Nice response by the exchanges.
I hope we see it esolved soon.

[marvtridon]

Looks like multiple exchanges stopped ERC20-token deposits/withdrawals temporarily due to a exploitable bug in multiple ERC20 contracts.


I found this interesting article about the vulnerability including proof of concept:
https://medium.com/coinmonks/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536


CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10299




OKEx:

Dear valued customers,

We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug - "BatchOverFlow". By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.

To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.

If you have already made a deposit request, your funds will arrive safely after our deposit service resumed. We apologize for any inconvenience caused.

Regards,
OKEx
Apr 25, 2018

https://support.okex.com/hc/en-us/articles/360003019292


Poloniex: (re-enabled)

We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!

2:46 PM - 25 Apr 2018

https://twitter.com/Poloniex/status/989123551788785666


HitBTC: (partially re-enabled)

Due to a potential issue detected in ERC20 smart contracts, we initiated an internal inspection. All deposits and transfers on ERC20 tokens will be getting online in accordance with the results of the inspection. Please refer to the System Health page for online status.

https://twitter.com/hitbtc/status/989121599877066753


Changelly.com:

Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates!

https://twitter.com/Changelly_team/status/989083263317762049


QUOINEX:

As a precautionary measure, we are suspending trading/deposits of erc20 tokens along with a suspension of withdrawals (fiat/crypto) on QRYPTOS/QUOINEX in response to the discovery of the BatchOverFlow bug. We will resume normal business when we are certain there are no risks.

https://twitter.com/QUOINE_SG/status/989168290646937605

This is terrible but good thing it was easy and quickly discovered. Code is taking over.  I just hope we don't advance to a d
Stage where human lives will be dependent on codes. But seems we are already there yet.
Good work exchanges

[yura_878]

Looks like multiple exchanges stopped ERC20-token deposits/withdrawals temporarily due to a exploitable bug in multiple ERC20 contracts.


I found this interesting article about the vulnerability including proof of concept:
https://medium.com/coinmonks/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536


CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10299




OKEx:

Dear valued customers,

We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug - "BatchOverFlow". By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.

To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.

If you have already made a deposit request, your funds will arrive safely after our deposit service resumed. We apologize for any inconvenience caused.

Regards,
OKEx
Apr 25, 2018

https://support.okex.com/hc/en-us/articles/360003019292


Poloniex: (re-enabled)

We've temporarily suspended ERC-20 token deposits and withdrawals while we review all smart contracts for exposure to the reported batchOverflow bug. We take any reports of vulnerabilities very seriously to ensure that customer funds remain safe. Thank you for your patience!

2:46 PM - 25 Apr 2018

https://twitter.com/Poloniex/status/989123551788785666


HitBTC: (partially re-enabled)

Due to a potential issue detected in ERC20 smart contracts, we initiated an internal inspection. All deposits and transfers on ERC20 tokens will be getting online in accordance with the results of the inspection. Please refer to the System Health page for online status.

https://twitter.com/hitbtc/status/989121599877066753


Changelly.com:

Dear Customers, ERC20 tokens are temporarily unavailable due to an exploit check. We will bring them back, once we are sure there is no vulnerability in deposits received. Follow the updates!

https://twitter.com/Changelly_team/status/989083263317762049


QUOINEX:

As a precautionary measure, we are suspending trading/deposits of erc20 tokens along with a suspension of withdrawals (fiat/crypto) on QRYPTOS/QUOINEX in response to the discovery of the BatchOverFlow bug. We will resume normal business when we are certain there are no risks.

https://twitter.com/QUOINE_SG/status/989168290646937605

If I'm not wrong then everything is fine. At least Poloniex has already started working with tokens ERC-20
@PoloniexAnnouncementsbot
Deposits and withdrawals for ERC-20 tokens have now been re-enabled.

[TmottaDing]

Well i am trading on HitBTC and it is not solved yet, any ideas of why they are still halting movements from trading balance to main balance? This is really bothering myself, i am a little bit scared about it..

Hmmm I didn't know that. But looks like it can be fixed easily. Nice response by the exchanges.
I hope we see it esolved soon.

[WalkerIVIV]

No wonder all the alt prices are falling, bloody ethereum and their crap erc20 tokens. Everyone should go and use the NEO tokens instead. More secure and less blockchain bloat, i can see NEO rising after all this ethereum hacked debacle.

Well, I'm sure NEO also has enough unknown vulnerabilities just like ETH (and its ERC20 Smart Contracts) - but yes, would be nice if NEO would rise a little bit
The MyEtherWallet-'Hack' was done trough DNS-hijacking - could happen to every website.

But It has not yet discovered, Better now than later. I guess there is no perfect code but just the vulnerabilities are still not yet discovered by someone just like parity. None of them have know about that but one of parity user was activating the unknown vulnerability and it self destruct the contract.

[Johnnywelsh]

Good article, crazy that such a tiny function can be overlooked. This is the problem when all the developers are split over thousands of different projects instead of focusing on a core set of modules that are universally used.

[yansen]

I do not know about this, after I got email from qryptos and see some groups turned out this is true, this is bad news for Ethereum. I think having a smart contract platform is the best solution. there are still serious problems in it. hopefully the ethereum development team can fix this problem immediately, so as not to lose confidence for traders and investors.

[batgrzl]

I do not know about this, after I got email from qryptos and see some groups turned out this is true, this is bad news for Ethereum. I think having a smart contract platform is the best solution. there are still serious problems in it. hopefully the ethereum development team can fix this problem immediately, so as not to lose confidence for traders and investors.

I hope to recover quickly, I believe in the strength of the technicians, but also hope that they will be able to guard against some possible vulnerabilities and know that the impact of these problems on the ETH is a little big.

[Mi5h0]

If I'm getting this right, not many tokens are affected by this bug. Developers of these tokens will probably need to make a changes in a smart contract and do a token swap.
Makes me wonder if there is a list of tokens that contains this problematic function somewhere?

[eternalgloom]

Very good that it's finally been fixed, a day's worth of trading lost isn't some minor issue IMO.
Makes you wonder how many other bugs are still undiscovered, if one as severe as this one could still slip through.

I definitely wouldn't mind if ETH got some serious competition in the future, in this case competition is definitely a good thing, as it keeps innovation and security a top priority.

[Mi5h0]

Very good that it's finally been fixed, a day's worth of trading lost isn't some minor issue IMO.
Makes you wonder how many other bugs are still undiscovered, if one as severe as this one could still slip through.

I definitely wouldn't mind if ETH got some serious competition in the future, in this case competition is definitely a good thing, as it keeps innovation and security a top priority.

Well, the vulnerability is still not fixed - exchanges just restarted trading.

Well, exchanges’ response to halt trade, deposit and withdrawal of ALL ERC20 tokens seems a bit rushed, if you ask me. There’s nothing fundamentally wrong with Ethereum or most ERC20 tokens. The "bug" called an integer overflow is well known and common in many programming languages, not just Solidity. Any developers of some worth should know about this issue and correctly use a SafeMath library to catch overflows, thus preventing them from impacting the logic of the smart contract.