OKEx Suspends ERC20 Deposits on Discovery of Critical Ethereum Smart Contract Bug

Hong Kong-based OKEx, the third-largest cryptocurrency exchange in the world by trade volume, suspended all ERC20 token deposits on April 25 after the discovery of what developers describe as a “new smart contract bug.”

In a statement published Tuesday, OKEx announced the suspension of deposits, explaining that attackers have exploited a newly discovered smart contract bug called “batchOverflow” to generate “an extremely large amount of tokens” out of thin air and then deposit them into a normal Ethereum address.

From the statement:

“We are suspending the deposits of all ERC-20 tokens due to the discovery of a new smart contract bug – ‘BatchOverFlow’. By exploiting the bug, attackers can generate an extremely large amount of tokens, and deposit them into a normal address. This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers.”

“To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” the exchange operator added.

Changelly, a cryptocurrency trading service that acts as a broker between users and exchanges, has also suspended ERC20 token trading in response to the exploit.

The authors of a Medium post published over the weekend claim to have discovered the vulnerability, which they say affects “more than a dozen ERC20 contracts.”

According to the post, batchOverflow is a “classic integer overflow” issue, which occurs when an arithmetic operation produces a result outside the range that the variable can represent with its allocated number of bits, so the stored value silently wraps around.

The post includes a proof-of-concept, which appears to show the researchers generating a nearly unlimited amount of tokens from a vulnerable ERC20 token contract.
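To make the integer-overflow mechanism concrete from a defender's side, here is an added Solidity illustration; it is not code from the article, from the Medium post, or from any affected token. The shape of the batch-transfer function, its name, and the contract names are assumptions chosen to match the kind of bug the name “batchOverflow” describes. The first contract shows the unchecked pattern in which a multiplication can wrap modulo 2^256 so that a balance check passes for an amount the sender does not hold; the second shows the same function with checked arithmetic (the SafeMath style) that reverts instead of wrapping.

```solidity
pragma solidity ^0.4.24;

// Added illustration, not from the article or any real token contract.
// Names (UnsafeBatchToken, SafeBatchToken, batchTransfer) are hypothetical.

contract UnsafeBatchToken {
    mapping(address => uint256) public balances;

    // VULNERABLE PATTERN: cnt * _value is computed in 256-bit modular arithmetic.
    // If the true product does not fit in 256 bits, `amount` wraps to a small
    // number, the balance check passes, and the loop still credits the full
    // _value to every receiver. Pre-0.8 Solidity does not detect this.
    function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) {
        uint256 cnt = _receivers.length;
        uint256 amount = cnt * _value;            // may overflow silently
        require(cnt > 0 && balances[msg.sender] >= amount);

        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) {
            balances[_receivers[i]] += _value;    // may also overflow
        }
        return true;
    }
}

contract SafeBatchToken {
    mapping(address => uint256) public balances;

    // Checked multiplication: reverts if a * b does not fit in 256 bits.
    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        if (a == 0) return 0;
        c = a * b;
        require(c / a == b, "multiplication overflow");
    }

    // Checked addition: reverts on wraparound.
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a, "addition overflow");
    }

    // Checked subtraction: reverts on underflow.
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "subtraction underflow");
        return a - b;
    }

    // HARDENED: every arithmetic step is checked, and the batch size is bounded
    // so the loop cannot exhaust gas or hide an absurd multiplier.
    function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) {
        uint256 cnt = _receivers.length;
        require(cnt > 0 && cnt <= 20, "bad batch size");
        uint256 amount = mul(cnt, _value);                   // reverts on overflow
        require(balances[msg.sender] >= amount, "insufficient balance");

        balances[msg.sender] = sub(balances[msg.sender], amount);
        for (uint256 i = 0; i < cnt; i++) {
            balances[_receivers[i]] = add(balances[_receivers[i]], _value);
        }
        return true;
    }
}
```

The check `c / a == b` is the standard way to detect a wrapped product without wider integers: if the multiplication overflowed, dividing the truncated result by one factor no longer yields the other. Contracts compiled with Solidity 0.8 or later get this behaviour by default, since arithmetic there reverts on overflow unless wrapped in an `unchecked` block; tokens compiled with older compilers, as the ones reported in 2018 were, need the explicit checks or a SafeMath-style library.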