Vulnerability Is Found in Constantinople

Constantinople Hard Fork Postponed

Ethereum’s (ETH) Constantinople hard fork faces a delay over a newly discovered security vulnerability allowing a reentrancy attack. The critical issue was detected by smart contract audit firm ChainSecurity and reported in a blog post Jan. 15. According to the company’s report, the Constantinople upgrade introduces cheaper gas cost (transaction fees) for some operations on the Ethereum network. As an unexpected side effect, this allegedly enables reentrancy attacks via the use of certain commands in ETH smart contracts. A reentrancy vulnerability allows a potential attacker to steal cryptocurrency from a…

Read More

Cryptopia goes offline after hack

Cryptopia

A New Zealand-based crypto-currency trading company went offline after it was hacked at the weekend. Cryptopia, based in Christchurch, announced on Twitter that on January 14, it suffered a security breach that resulted in significant losses. “Once identified, the exchange was put into maintenance while we assessed damages,” it added. The exchange has not disclosed the value of the losses, the tokens and currencies affected or any measures to refund users. But Whale Alert, which tracks large crypto transactions, reported that 19,391 ether (ETH) tokens worth nearly $2.44 million, and…

Read More

Two Thirds of Korean Crypto Exchanges Fail Government Security Check

crypto fail

Only a third of cryptocurrency exchanges inspected got a full pass in a recent government security audit. The Ministry of Science and ICT, the Korea Internet & Security Agency and the Ministry of Economy and Finance inspected a total of 21 crypto exchanges from September to December 2018, examining 85 different security aspects. Notably, only 7 of them – Upbit, Bithumb, Gopax, Korbit, Coinone, Hanbitco, and Huobi Korea – cleared all the tests, CoinDesk Korea reported Thursday. The remaining 14 exchanges are “vulnerable to hacking attacks at all times because…

Read More

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Ethereum Classic attack

The cryptocurrency exchange Coinbase suspended the trading of Ethereum Classic (ETC) after double-spend attacks worth $1.1 Million. The cryptocurrency exchange Coinbase has suspended the trading of Ethereum Classic (ETC) after double-spend attacks that consist in spending digital coins twice. Ethereum Classic (ETC) is the original unforked Ethereum blockchain, the attacks resulted in the loss of $1.1 million worth of the digital currency. 51% attack refers to an attack on a blockchain by a group of miners that controls over 50% of the network’s mining hashrate. “On 1/5/2019, Coinbase detected a…

Read More

Vulnerability on Ethereum enables malicious GAS Minting

GasToken

A newly discovered vulnerability on Ethereum allowing for malicious GasToken Minting was found. The development team already acknowledged the issue and informed most of the affected users on November 13, 2018, via private disclosure. The Attack Crypto exchanges usually allow the withdrawal of Ethereum to arbitrary addresses with no gas usage limit; since this executes a fall back function, attackers can use this to make exchanges pay for arbitrary computation, allowing them to force exchanges to burn their own Ethereum on high transaction costs. Moreover, this even gives attackers the…

Read More