SlowMist Red Alert: “False Top-up” Attack

SlowMist Red Alert: If cryptocurrency exchanges, wallet and other platforms have breach in judging execute status of EOS transactions(do not judge if transactions is exectued correctly and its status is “executed”), it may lead to the serious “false top-up”. An attacker can successfully deposit EOS to these platforms without transferring any EOS.

The SlowMist Security Team has confirmed that the real attack has occurred, but it should be noted that: this time the “false top-up” of EOS attack is similar to the USDT “false top-up” disclosed previously by SlowMist Security Team, and similar as the Ethereum token “false top-up”. The platform should be responsible for this. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their own deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process. Specific attack details will be disclosed by SlowMist Security Team.

Update

SlowMist Red Alert: “False Top-up” Attack [Update]