On 07/05/2018 5PM, blockchain security company PeckShield discovered that the mobile client app of the cryptocurrency exchange Coinw has a tradeRifle security loophole. Attackers can use the clear text in some Coinw’s functions to intercept users’ token, use the token to execute a replay attack, and create any transaction requests, which may result to users asset loss. We have reported this loophole to Coinw immediately after our attack tests. On 07/19, Coinw’s technical team informed us that they have completed the loophole repair and software upgrade. Coinw website didn’t announce this loophole, and for security purpose, we decided to disclose the details of it one month after its discovery.Read more
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone, multiOverflow, burnOverflow, ceoAnyone, allowAnyone, allowFlaw), tradeTrap, evilReflex). Some of them could be used by attackers to generate tokens out of nowhere or steal tokens from legitimate owners, while others can be used to take over the ownership from legitimate contract owners (or administrators).
In this blog, we disclose a new type of vulnerability named unSafeMath. With such an implementation, any protection provided by the original SafeMath library would be gone with the wind. Consequently, anyone can transfer an arbitrary amount of tokens to any address from the affected ERC20 contracts. As a matter of fact, we have observed attacks in the wild. In the following, we are going to go through the details of the vulnerability.Read more
Jul 24, 2018 - The world’s first anonymous crowd-testing platform, DVP (dvpnet.io) , is launched by BCSEC  and PeckShield jointly today, which opens a new era of improving blockchain security by crowd testing.
The main idea behind DVP, Decentralized Vulnerability Platform, is to build an anonymous security crowd-testing community with the blockchain technology, which provides decentralization and the “vulnerability is mining” paradigm. DVP effectively connects the white hats, security firms, blockchain firms, and reduces the risk of accidental vulnerability disclosure and improves the security of the whole blockchain ecosystem.
Fomo3D  is an extreme popular, phenomenal and ponzi-like crypto-game in recent days. Justo, the developer of the game, made an astonishing announcement on twitter: “I have discovered an exploit that would be considered the equivalent of a nuclear bomb on the EVM.”
Unfortunately, Péter Szilágyi, the team lead of Ethereum foundation, argued that it was just a documented behavior, as shown in Figure 2.
In the meantime, Péter punched back with his findings, a bug in Fomo3D’s smart contract:
As a matter of fact, PeckShield researchers have observed attacks in the wild, and attackers had harvested many ETHs by exploiting the airdrop mechanism of Fomo3D. In this blog, we would like to reveal the attacks and financial damages we observed so far. In addition, we are going to go through the details of the particular security issue of Fomo3D and the corresponding the attack vectors.Read more
[Update: On 2018-07-10, the latest version of LBank mobile apps has accordingly fixed the reported issues! Thank LBank team for responsible and timely upgrade!]
On 6/29/2018, 1:00:00 a.m. UTC+8, PeckShield researchers again identified the tradeRifle vulnerability in the mobile apps of LBank — one of the top 10 cryptocurrency exchanges. Specifically, an attacker could extract the token of an user’s current login session. This token could be used to issue arbitrary trades by replaying the create order packets. Even worse, while withdrawing digital assets, the LBank mobile apps, both Android and iOS versions, are prone to man-in-the-middle (MITM) attacks, which could lead to serious financial damages. We notified LBank immediately by the time this issue was confirmed and the proof-of-concept exploit was verified.
On 7/10/2018, 11:32:00 p.m. UTC+8, LBank announced in its official website that their security response team had applied the patch against the tradeRifle bug report, which was received on 6/29/2018 . LBank also claimed in the announcement that none of the crypto assets of their users are affected by this bug.Read more
[Update: Please send the MD5 of your private key for us to verify!]
Send your EOS account information to [email protected] including:
Account name, EOS balance (including CPU/RAM/NET balances), the pubic key and the MD5 of private key
Proof of transaction using this account (e.g., screenshot of wallet apps, logs) before 03:14:00 UTC, 2018/7/11
PeckShield validates the information and responds back to you
Update the public/private key pair associated with the account or provide a new account to receive the fund
PeckShield returns the balance back to you after verifying that your account (or the newly provided account) is safe
As the largest ICO in history, EOS is touted as the most competitive candidate of next-generation blockchain systems and has naturally attracted great attention world-wide.
Among all the buzz about EOS, the security aspect of EOS is one of the most controversial topics.
In this blog, PeckShield researchers take a close look at a key component of EOS, i.e., EOS accounts. Especially, we are interested in understanding the way how the EOS accounts are generated by existing tools . We are surprised to find that certain EOS accounts are readily vulnerable to being compromised and the corresponding digital assets are seriously under the risk of being stolen. For simplicity, we call these affected accounts as high-risk EOS accounts. In order to mitigate the issue and protect high-risk EOS users, PeckShield is now launching a public service dubbed EOSRescuer .
In the following, we would like to go through the details of this particular security issue, and make a disclosure of vulnerable accounts list covered by EOSRescuer.Read more
[Update: On 2018-07-05, the latest version of Huobi OTC service has accordingly fixed the reported issues! Thank Huobi team for responsible and timely upgrade!]
Nowadays, cryptocurrency exchanges play an important role in the crypto ecosystem. Among all exchanges, those providing Over-The-Counter (OTC) trading service attract our interest due to the convenience for fiat-to/from-crypto currency trading. In the meantime, the offline fiat exchange also poses security threats, such as the chargeback fraud that the buyer chargebacks the payment from the seller after receiving the crypto assets. By analyzing most of the OTC services provided by top cryptocurrency exchanges, we find out that the OTC trading service of Huobi is vulnerable to replay attack and man-in-the-middle (MITM) attack, which could be exploited to cause serious financial loss. Specifically, an attacker can eavesdrop financially-sensitive information of the seller and replays an message to impersonate the seller for issuing a privilege operation, for example, releasing the fund without paying any fiat currency. As for MITM attack, an attacker can fabricate the bank account of a crypto assets seller for collecting the fiat currency paid by the victim buyer.
In the following, we would like to go through the details of a vulnerable OTC service provided by Huobi. We want to highlight that upon our notification on July 4, Huobi has promptly responded by issuing a security fix, preventing any damage or financial loss from being caused to her customers .Read more
PeckShield has so far discovered quite a few critical smart contract vulnerabilities. Besides smart contracts, the Ethereum ecosystem also includes other various components that are equally exposed to possible exploitation. Obviously, one such component is the core of Ethereum, i.e., the underlying client software running on each Ethereum node. If she takes down an Ethereum client/node, an attacker could completely get rid of the computation power contributed by the client/node. And if many Ethereum clients/nodes are all of a sudden knocked offline, their corresponding computation power could be immediately lost, causing serious disruption to the entire Ethereum operations. In this writing, we are going to reveal a critical vulnerability identified in popular Ethereum clients, which could be exploited to cause serious impact on the whole Ethereum network.Read more
[Update: (2018-06-24) With swift, coordinated response from Huobi.pro, we appreciate the announcement  on suspending the deposits and withdrawals of affected tokens!]
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone, multiOverflow, burnOverflow, ceoAnyone, allowAnyone, allowFlaw), tradeTrap). Some of them could be used by attackers to generate tokens out of nowhere or steal tokens from legitimate holders, while others can be used to take over the ownership from legitimate contract owner (or administrator).
In this blog, we disclose a new type of vulnerability named evilReflex. By exploiting this bug, the attacker can transfer an arbitrary amount of tokens owned by a vulnerable smart contract to any address. Specifically, whenever a smart contract has non-zero token balance, those tokens could be swept out by an attacker.
On June 15th, Dr. Jiang, founder and CEO of PeckShield, announced that PeckShield had found a security breach that could lead to 60% of current Ethereum nodes to crash in seconds.
PeckShield and DoraHacks, a global hacker community, will announce and display this loophole at the Blockchain Connect Conference on June 27th in San Jose in front of 3,000 blockchain industry experts.Read more
[Update: (2018-06-12) The BMB (BMB) contract (0x0e935e976a47342a4aee5e32ecf2e7b59195e82f) is NOT affected by tradeTrap. We sincerely apology for mistakenly listing it as a vulnerable ERC20 token.]
Quoted from our last blog , “publicly tradable ERC-20 tokens have considerable high market value. Various exchanges, either centralized (e.g., Binance, Huobi.pro, and OKex) or decentralized (e.g., IDEX, EtherDelta, ForkDelta), provide the marketplace by listing them, especially with high-liquidity ones, for public trading. Evidently, the transparency and security of their corresponding smart contracts is paramount. In practice, there is a de-facto requirement for these contract to be publicly verifiable on etherscan.io. Moreover, reflecting the fundamental ‘code-is-law’ spirit and trust of blockchain technology, these contracts once deployed should not be further subject to centralized control or manipulation.”
After publishing our blog , we have been contacted by a number of affected cryptocurrency exchanges. As we believe the corresponding mitigation mechanism is now in place, it is the time to disclose the details of tradeTrap. As emphasized in , once smart contracts of publicly tradable ERC-20 tokens are deployed, they should not be further subject to centralized control or manipulation. Unfortunately, tradeTrap plagues 700+ ERC20 tokens and we have so far confirmed at least dozens of them are publicly tradable on current exchanges, including Binance, Huobi.pro, OKex, OKCoinKR, CoinEgg, Kucoin, Allcoin, HitBTC, Bitbns, ZB, OTCBTC, CoinBene, COSS, EtherDelta, ForkDelta, IDEX, YEX, Tidex, Radar Relay, Yobit, WazirX, CoinExchange, CoinSpot, Bluetrade, CEX, and Livecoin. The full list of tradeTrap-affected ERC20 tokens is available here.
While we intend to think these contracts are deployed with good will and without any hidden or unintentional purpose, the existence of highly manipulatable interfaces (or knobs), however, could be exploited to either make inappropriate arbitrage or even directly control buy / sell prices of affected tokens. All these will eventually result in financial loss for trading customers and essentially reflect lack of enough security of affected exchanges when listing these tokens for trading.
In the following, we would like to disclose two types of manipulatable interfaces which could be exploited to achieve unfair arbitrage.Read more
Publicly tradable ERC-20 tokens have considerable high market value. Various exchanges, either centralized (e.g., Binance, Huobi.pro, and OKex) or decentralized (e.g., IDEX, EtherDelta, ForkDelta), provide the marketplace by listing them, especially with high-liquidity ones, for public trading. Evidently, the transparency and security of their corresponding smart contracts is paramount. In practice, there is a de-facto requirement for these contract to be publicly verifiable on etherscan.io. Moreover, reflecting the fundamental “code-is-law” spirit and trust of blockchain technology, these contracts once deployed should not be further subject to centralized control or manipulation.
In this blog, we would like to report a security issue called tradeTrap (mixed with vulnerable implementation) that utterly violates the above requirement. Unfortunately, tradeTrap plagues hundreds of ERC20 tokens and we have so far confirmed at least ten of them are publicly tradable on current exchanges. Those affected tokens could be of high-profit arbitrage opportunities to bad guys.Read more
The largest ICO in history, i.e,. the ERC-20 EOS Token ICO, is now closed on June 1st at 22:59:59 UTC. In total, EOS has raised $4 billion with 331,433 shareholders. Among these token holders (excluding the reserved 0xb1 address), 149,533 of them had registered their EOS public keys and they will be officially included in the snapshot for EOS genesis generation. These registered 149,533 token holders share 88% of the total supplied EOS tokens. On the other hand, there are 181,900 token holders (1.41% share) who have not completed the registration yet. If they do not complete the registration in the 23-hours grace period, they may not literally own the tokens when the grace period is over. For the rest 10.59%, the 0xb1 address holds the reserved 10% share, and the final part 0.59% is kept in the EOS smart contract, representing those investors who already paid for the token sale, but have not claimed them yet.Read more
We have been updating EOS community about latest registration status and upcoming deadline for weeks, and made great efforts to urge the entire EOS community and related shareholders to take the necessary actions for smooth registration. As of today, we found that 29.98% EOS tokens are still NOT registered!
Today, we found another worrisome issue that requires immediate attention from EOS community. Among all registered (70.02%) EOS tokens, 0.23% EOS tokens are not properly registered. Based on today’s EOS price (12.40 USD), these improperly registered tokens are equivalent to ~27 million dollars (USD) , which might be lost forever if not immediately re-registered before the EOS mainnet launch. With that, we strongly recommend token holders who had already finished the registration to re-examine the EOS keys carefully. Otherwise your registration might be invalidated!
Specifically, our analysis shows that there are two different ways that lead to an invalid registration:
- Using a public, known key: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV;
- Using a bad format key
In first case, since the EOS key is publicly known, your registered tokens might be immediately stolen by others. This particular case was reported by EOSAuthority today . However, our analysis show that the registration issue is much more severe than we thought because of the second case.Read more
Today, Qihoo 360 posted in its blog about an out-of-bound access vulnerability in nodeos, a part of EOSIO software package. This vulnerability can be exploited to trigger an RCE (Remote-Code-Execution) attack . Considering the severity of the vulnerability and the timing of upcoming EOS mainnet launch, researchers at PeckShield immediately looked into the nodeos codebase and successfully reproduced the bug by crafting a malicious smart contract to crash the vanilla EOS client as mentioned in the blog.
Let’s start from a quick recap of the vulnerability. We show in Figure 1 the related WASM contract handler. As highlighted in the figure, there is an out-of-bound write in line 78 because the offset local variable is extracted from the untrusted contract binary (line 75).
[Update: (2018-06-05) The latest version of Biyong has accordingly fixed the reported issues! Thank Biyong team for responsible and timely upgrade!]
Digital wallets provide an essential functionality in managing digital assets or tokens for users and are considered a key pillar in the broad blockchain ecosystem. In today’s mobile app markets, there are quite a few wallet-oriented mobile apps (e.g., Exodus and imToken) that provide great convenience and service for managing digital assets. However, different from other mobile apps, digital wallets may face stricter requirements and higher standards for better privacy and security, especially with the enforcement of EU General Data Protection Regulation (GDPR).
Recently, researchers at PeckShield have examined a number of mobile app-based digital wallets and came across a well-known blockchain-oriented IM app, i.e., BiYong, with nearly 3 million monthly active mobile users. This particular app aims to become “WeChat” in the Blockchain world by building a social network that links Blockchain users, communities, media, assets, applications and etc. It not only offers features to seamlessly interact with Telegram, but also provides digital wallet functionality for asset transfer or payment. However, our analysis shows that BiYong fails to hold a high standard in managing and collecting users’ private information. Specifically, this app collects user ID in Telegram (i.e., Telegram ID and name), telephone number, and even payment passcode and uploads them to BiYong servers in plaintext! We consider it completely unacceptable as it violates user privacy and disobeys the fundamental spirit behind Blockchain for the maintenance of user privacy and pseudonymity.Read more
One week before the expected freezing of ERC20-based EOS tokens, we found that 51.7% EOS tokens are still NOT registered. Compared with our last study on 05/01/2018, the EOS registration rate observes some improvement, but certainly not significant at all. Among the 48.3% registered tokens, 10% is already reserved for block.one at the very beginning, leaving externally-circulating tokens with 38.3% registered! This is a very BAD sign for the entire EOS community.Read more
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone, multiOverflow), burnOverflow), ceoAnyone). Some of them could be used by attackers to generate tokens out of nowhere or steal tokens from legitimate holders, while others can be used to take over the ownership from legitimate contract owner (or administrator).
Today, our system reports a new vulnerability called allowAnyone that affects a number of publicly tradable tokens (including EDU). Because of the vulnerability, attackers can steal valuable tokens (managed by affected, vulnerable smart contracts) from legitimate holders. More specifically, our investigation shows that in those vulnerable smart contracts, the ERC20 standard API, transferFrom(), has an issue when checking the allowed[ ][ ] storage, which typically represents the amount of tokens that _from allows msg.sender to use. As a result, anyone can transfer tokens on behalf of another one who has non-zero balance.
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone, multiOverflow, burnOverflow). These vulnerabilities typically affect various tokens that may be publicly traded in exchanges. Today, we would like to report a new vulnerability named ceoAnyone, which affects, instead of tradable tokens in exchanges, but Crypto-Games.
Starting from the end of 2017, blockchain-based crypto-games have become popular especially with the initial success of CryptoKitties. Among crypto-games, cypto idle game is an interesting category that enables players to make money by idling for hours, then followed by a profit-making transaction (e.g., selling a Lab Rat on Ether Goo). Many of the cypto idle game owners make profit from the transaction fee. However, what if the owner address could be manipulated or completely hijacked by attackers?Read more
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone, multiOverflow). Some of them could be used by attackers to generate tokens out of nowhere while others can be used to steal tokens from legitimate holders.
Today, we would like to report another vulnerability called burnOverflow that affects a few ERC20-related tokens. In particular, one such token, i.e., Hexagon Token (HXG), has already been attacked in the wild. Specifically, on 5/18/2018, 12:55:06 p.m. UTC, PeckShield detected such attacking transaction (as shown in Figure 1) where someone calls transfer() with a huge amount of HXG token — 0xffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,fffe to another address without actually spending any HXG token.
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone). Some of them could be used by attackers to generate tokens out of nowhere while others can be used to steal tokens from legitimate holders. Today, we would like to report another vulnerability named multiOverflow that afflicts dozens of ERC20-based smart contracts. Our investigation shows that multiOverflow is another integer overflow bug which is similar to batchOverflow but with its own characteristics.Read more
This morning, our vulnerability-scanning system at PeckShield identified a new vulnerability named ownerAnyone in certain ERC20-based smart contracts such as AURA, which is deployed by a decentralized banking and finance platform – AURORA. This bug, if successfully exploited, might introduce the danger of serious financial accident. Fortunately, the attackers would not be financially benefited from exploiting the vulnerability. Instead, the ownerAnyone bug can be used to trigger Denial-of-Service (DoS) attack on the affected smart contracts.Read more
The ERC20-based EOS tokens are expected to become frozen on the Ethereum blockchain on June 2, 2018 22:59:59 UTC (shortly before the scheduled EOS mainnet launch). Evidently, holding a certain amount of EOS tokens at this stage is not equivalent yet to having the corresponding share of native EOS tokens. Instead, current holders of ERC20-based EOS tokens need to register their tokens through the EOSCrowdsale contract. Only after the registration, current token holders will be entitled later on the EOS mainnet with voting privilege for their favorite block producers or super-nodes, which currently undergo intensive competition and heated discussions.
In our last month study , we found as of 04/01/2018, among all issued tokens, EOS token registration rate is as low as 23.55%. One month later, we revisited and found as of 05/01/2018, the EOS token registration rate remains as low as 28.57%, with no improvement at all. Among the 28.57% registration, 10% is already reserved for block.one at the very beginning, leaving externally-circulating tokens with 18.56% registered! This is worrisome specially compared to recently leaped EOS market cap.Read more
Our automated scanning system at PeckShield discovered a new vulnerability named transferFlaw (CVE-2018–10468). This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. Different from batchOverflow  and proxyOverflow  we identified before, this vulnerability does not lead to generating countless tokens. Instead, this one, when exploited, can be used by attackers to steal others’ tokens.
Our in-depth code analysis further indicates that it is probably a scam token. We have promptly notified affected exchanges to delist the related token. Note that the token has been publicly tradable for about 10 months even though at a relatively low trade volume, we believe it poses a realistic threat to legitimate users and cryptocurrency market as a whole.Read more
On April 24th, MyEtherWallet (or MEW) users in certain areas suffered from domain hijacking and, when visiting official MyEtherWallet.com domain, may be redirected to phishing sites (physically located in Russia). As of this writing, there are 198 victims falling prey with $320K US dollars loss.
Around 12:00 PM UTC on April 24th, the DNS entries of certain Amazon servers were compromised , and a portion of web-browsing traffic (i.e., HTTPS-based web requests) to MEW were redirected to a fake phishing website. The fake website was camouflaged to have the same appearance with MEW. Note the phishing website used a self-signed TLS certificate, which is considered insecure by commodity browsers with warning pop-ups. However, users may ignore the warnings and still choose to proceed and enter their key information, which will then be stolen by attackers to immediately transfer remaining ETH balances.Read more
On 4/24/2018, 01:17:50 p.m. UTC, PeckShield again detected an unusual MESH token transaction (shown in Figure 1). In this particular transaction, someone transferred a large amount of MESH token — 0x8fff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff (63 f’s) to herself along with a huge amount fee — 0x7000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0001 to the address issuing this transaction.
Built on our earlier efforts in analyzing EOS tokens, we have developed an automated system to scan and analyze Ethereum-based (ERC-20) token transfers. Specifically, our system will automatically send out alerts if any suspicious transactions (e.g., involving unreasonably large tokens) occur.
In particular, on 4/22/2018, 03:28:52 a.m. UTC, our system raised an alarm which is related to an unusual BEC token transaction (shown in Figure 1). In this particular transaction, someone transferred an extremely large amount of BEC token — 0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000 (63 0’s – In fact, there’re actually two such large token transfers, with each transfer involving the same amount of tokens from the same BeautyChain contract but to two different addresses).
Among existing digital cryptocurrency tokens, EOS gained prominence within the crypto community and has been touted as the next-generation flagship blockchain infrastructure. Its market capitalization has recently skyrocketed and makes it 5th place with more than $6B valuation . Notice that holding a certain amount of EOS tokens at this stage is not equivalent yet to having the corresponding share of native EOS tokens. In particular, before the official EOS mainnet launch in June, 2018, token holders need to register their EOS tokens through the EOSCrowdsale contract. Only after the token registration, current token holders can ‘‘own’’ their token share on the EOS mainnet right after the June launch. The ownership will further entitle token holders to vote for their favorite block producers, which currently undergo intensive competition and heated discussions.
In this blog, we take a close look at th EOS token registration progress. Our goal here is to find out how many token holders actually have completed the registration process. More specifically, considering the total supply of 1 billion EOS tokens, what is the percentage (or registration rate) that have actually completed the above registration?Read more