According to recent research conducted by a team from Australian and Chinese universities, 99% of ERC20 tokens created before 2017 have vulnerabilities and are exposed to an attack called “Fake Deposit”, which makes them unsafe, especially on the exchange side.
This type of attack exploits a bug in how the token balance is handled: unless a check is placed on functions such as “transfer” and “transferFrom”, there is a risk that the ERC20 tokens will end up in the accounts of criminals who invoke these functions.
The numbers of the report
The team analyzed more than 176 thousand tokens on the Ethereum blockchain, and 7772 of them were identified as susceptible to this problem.
That is 4.42% of the tokens still in circulation, a figure that may seem small but which includes some very famous tokens.
The list includes, to name only the most famous:
- the Huobi token (HPT),
- BAT, the token of the famous browser Brave.
These tokens, especially if held on exchanges, appear to be susceptible to theft through the bug identified by this university research.
The percentage could have been more frightening, but thanks to the introduction of EIP-20 in 2017, which deals precisely with the management of tokens, the problem has been solved.
Exchanges are also in danger
The report also says that only some of the most famous tokens have been revealed, but there are others, less important, that have this kind of problem.
This bug also affects several exchanges, and only some of them have taken security measures to deal with it.
The researchers therefore call for the platforms to be updated, because there may be further losses of these tokens in the future: at least another 7 thousand different attacks can be expected against centralized exchanges, which by their very nature store the tokens of thousands of users.
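
A simplified model of the missing check on “transfer” and of the exchange-side security measure mentioned above, added here as an illustration (it is not code from the research or from any token or exchange). It assumes the flaw takes the form of a transfer that reports an insufficient balance only through its return value instead of reverting; all class, function and account names are hypothetical.

```python
class Revert(Exception):
    """Models an EVM revert: the transaction fails and state is unchanged."""

class Token:
    """Constructed in-memory stand-in for an ERC20 ledger (not contract code)."""
    def __init__(self, balances, checked):
        self.balances = dict(balances)
        self.checked = checked  # True: transfer reverts on insufficient balance

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            if self.checked:
                raise Revert("insufficient balance")
            return False  # unchecked variant: failure visible only in the return value
        self.balances[sender] -= amount
        self.balances[to] = self.balance_of(to) + amount
        return True

def send_tx(token, sender, to, amount):
    """Returns a receipt-like dict; status is 1 unless the call reverted."""
    try:
        token.transfer(sender, to, amount)  # return value is not part of the receipt
        return {"status": 1, "to": to, "amount": amount}
    except Revert:
        return {"status": 0, "to": to, "amount": amount}

def credit_naive(receipt):
    """Weak exchange logic: trusts the transaction status alone."""
    return receipt["amount"] if receipt["status"] == 1 else 0

def credit_verified(token, wallet, balance_before, receipt):
    """Hardened logic: credit only what actually arrived in the exchange wallet."""
    if receipt["status"] != 1:
        return 0
    delta = token.balance_of(wallet) - balance_before
    return min(max(delta, 0), receipt["amount"])

def demo(checked, depositor_balance=5, amount=1000):
    """Returns (naive credit, verified credit) for one constructed deposit."""
    token = Token({"depositor": depositor_balance}, checked)
    before = token.balance_of("exchange")
    receipt = send_tx(token, "depositor", "exchange", amount)
    return credit_naive(receipt), credit_verified(token, "exchange", before, receipt)
```

With the unchecked token, a deposit of 1000 from an account holding 5 is credited in full by the naive logic and not at all by the verified one; with the checked token, both credit nothing.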