A Number of Exchanges Suspend ERC20 Tokens as Bug Chaos Strikes
A number of international cryptocurrency exchanges have temporarily suspended trading in all Ethereum-based ERC20 standard coins after the discovery of a smart contract bug that makes tokens vulnerable to hacking attacks.
Exchanges such as OKEx, Poloniex and Huobi Pro moved to suspend ERC20 deposits, although Poloniex claims it has now resolved the issue.
The bug, known as batchOverflow, allows hackers to trigger an integer overflow in vulnerable token contracts and, per Medium user ranimes, has already been used to generate large quantities of tokens that can then be deposited elsewhere. One hacker has already exploited the vulnerability to obtain large quantities of BeautyChain’s ERC20-based tokens.
ranimes wrote, “There is no traditional well-known security response mechanism in place to remedy these vulnerable contracts. Our results show that more than a dozen ERC20 contracts are also vulnerable to batchOverflow.”
OKEx wrote, in an official notice, “To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack.”
However, Poloniex, which had earlier suspended ERC20 activities, stated in a Twitter post, “Deposits and withdrawals for ERC20 tokens have now been re-enabled.”
A number of token issuers and exchanges, including the likes of Bittrex, have taken to Twitter or their official blogs to claim their tokens and platforms are not susceptible to the batchOverflow bug. Experts believe that ERC20-based tokens account for almost 90% of all tokens.