BatchOverflow Bug Update: Poloniex, Coinone and HitBTC Resume ERC-20 Token Deposits
After a step taken in time to protect public interest
A New ERC-20 Bug Causes Major Exchanges to Temporarily Suspend Deposit Taking
The discovery of a new smart contract bug named “BatchOverflow” had led major cryptocurrency exchanges such as OKEx, Poloniex, Coinone and HitBTC to suspend ERC-20 tokens deposit on their exchange platforms. The bug enables attackers to generate an extremely large amount of tokens, and deposit them into a normal address, making these tokens vulnerable to price manipulations. Blockchain security company, PeckShield has identified the following 9 ERC-20 tokens that have fallen prey to the above bug exploit:
Instances Of the BatchOverflow Bug at Play
Particular instances of token exploit include:
- On April 22nd, 115 octodecillion Beauty Coin (BEC) was created (worth $3.7 novemdecillion) in two transactions.
- Then, on April 24th, the same exploit mechanism was used to generate over $5 octodecillion USD in Smart Mesh (SMT) tokens.
Exchanges Take Steps to Protect Public Interest
What followed were major cryptocurrency exchanges suspending deposit of ERC-20 tokens to prevent market manipulation. OKEx launched a press release stating – “To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed.”
— OKEx (@OKEx_) April 25, 2018
Resumption of ERC-20 Deposits at Poloniex, Coinone and HitBTC
Poloniex exchange had also temporarily suspended ERC-20 token deposits and withdrawals to ensure that customer funds are safe. However, according to their latest tweet, Poloniex has now re-enabled the service.
Korean cryptocurrency exchange, Coinone, too has suspended deposit and withdrawal of OMG and EOS on its exchange, which service is expected to resume on April 26th, 10 AM Korea time (KST).
HitBTC, which had initiated an internal inspection due to a potential issue detected in ERC20 smart contracts, is now back online for ERC-20 token deposits.
Bittrex exchange, too, released a statement regarding the BatchOverflow Bug:
“Once public, Bittrex immediately started analyzing the smart contract “batchOverflow” bug. If an ERC20 token is vulnerable, attackers can exploit the bug to generate countless tokens, allowing for price manipulation. We concluded our investigation and did not find any ERC20 tokens listed on Bittrex that are vulnerable to the batchOverflow bug. Customers may continue their normal activities on Bittrex since ERC20 token trading is not expected to be disrupted by this issue.”
Image Credit: Deposit Photos