One of the most important cryptocurrency exchanges OKEx, has decided to suspend deposits of ERC20 tokens after discovering a serious bug in some smart contracts. The information has been released by the company in a statement on April the 25th. OKEx is the third virtual currency exchange in the world by trade volume.
OKEx Suspends ERC20 Deposits
The Hong-Kong based exchange, OKEx, announced that by exploiting a bug, attackers were able to generate tokens out of thin air. This creates a situation in which ERC20 tokens are vulnerable to price manipulations. Apparently, the bug is known as “BatchOverFlow.”
The company wrote:
“We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug – “BatchOverFlow”. By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.”
The company explains that because of this reason they will be suspending deposits of all ERC-20 tokens until the bug is fixed. Moreover, they are working side by side with the affected teams in order to prevent similar situations in the future.
“To protect public interest, we have decided to suspend the deposits of all ERC20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.”
Changelly Suspends ERC20 Deposits
But OKEx was not the only platform that stopped accepting deposits of ERC20 tokens. The Cryptocurrency trading service Changelly announced that due to an exploit check ERC20 will be temporarily unavailable.
The company wrote in a blog post:
“Built on our earlier efforts in analysing EOS tokens, we have developed an automated system to scan and analyse Ethereum-based (ERC-20) token transfers. Specifically, our system will automatically send out alerts if any suspicions transactions occur.”
Changelly explains that their system raised an alarm related to an unusual BEC token transaction that was extremely large.
According to the post uploaded by Changelly that was posted over the weekend, the BatchOverflow is a ‘classic integer overflow’ that occurs every time there is an attempt to use a numeric value that is outside the range that the variable is able to represent with its allocated number of bits.
At the moment of writing this article, there is no information about which specific cryptocurrencies have been affected by this bug. But as we mentioned before, BeautyChain (BEC) is one of the first virtual currencies that has been exploited by the BatchOverflow.
OKEx did not provide further information, but they explained that they will be working in order to give an answer to those individuals affected by the bug. If some users deposited ERC20 tokens and did not arrive yet, that’s nothing to be worried about. The deposits will be credited once the situation is normalized and as soon as the exchange will know something else about the bug.