Hackers Nab $58,000 from Cryptocurrency Exchange by Trading Fake EOS Tokens
Hackers were able to steal nearly $58,000 worth of cryptocurrency from the Newdex exchange by exploiting a vulnerability in the exchange, according to TheNextWeb. The hackers flooded the Newdex exchange with fake EOS tokens they created themselves to buy ADD, BLACK and IQ tokens from the centralized platform.
Newdex acknowledged that an EOS account issued 1 billion phony EOS tokens. The EOS account, oo1122334455, placed purchase orders for ADD, BLACK and IQ. A total of 11,800 phony EOS orders were made. The hackers then exchanged the tokens for real EOS.
Newdex acknowledged the hackers nabbed 4,028 real EOS tokens, worth around $20,000, and sent them to Bitfinex, leaving Newdex users with cumulative losses around $58,000.
Newdex stopped the service at 15:52 on Sept. 18 after discovering an exception and activated an emergency response repair system, according to an observer on Reddit. The repair was completed at 16:33, and normal operation was resumed.
Newdex apologized for the loss, but has no plans to compensate people, according to the report.
Several days prior to the incident, the EOS community noted on Reddit that Newdex is not a genuine decentralized exchange (DEX) despite its “misleading marketing.” The PSA said not to trust Newdex since it does not use a smart contract and has not published the source code of its centralized matching server.
Instead, Newdex matches orders off-chain in a centralized server, according to the Reddit post. The post also presented a response from Newdex’s support stating that it is “the first global decentralized exchange built on EOS,” requires no deposit or withdrawal, keeps assets safe, and is open and transparent.
In addition, Scatter (an ecosystem for creating accountability and security in the blockchain space) is used as a login and trading interface so that Newdex would appear to be a genuine DEX, the Reddit post noted. The reality is that users were sending funds to regular EOS accounts that don’t have any kind of smart contract running on them.
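An added example, not code from the article or from Newdex: on EOS a token is identified by its issuing contract account together with its symbol, so any account can issue a token whose symbol reads EOS, and the real EOS comes from the `eosio.token` contract. The article does not detail the flaw, so this sketch assumes an off-chain matching server that receives transfer actions as dictionaries and shows the check that separates the two; the account names `exchange1111`, `alice1111111` and `fakeissuer11` and the sample actions are constructed.

```python
from decimal import Decimal

# Trusted (contract account, symbol) pairs mapped to the expected decimal places.
# The symbol alone proves nothing: any account can issue a token called "EOS".
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}

def parse_quantity(quantity):
    """Split an asset string such as '1.0000 EOS' into (amount, symbol, precision)."""
    amount_text, symbol = quantity.split(" ")
    amount = Decimal(amount_text)
    if not amount.is_finite():
        raise ValueError("non-finite amount")
    return amount, symbol, len(amount_text.partition(".")[2])

def classify_deposit(action, exchange_account):
    """Return (verdict, reason) for one action seen by the matching server."""
    data = action.get("data", {})
    if action.get("name") != "transfer" or data.get("to") != exchange_account:
        return "ignore", "not a transfer to the exchange"
    try:
        amount, symbol, precision = parse_quantity(data["quantity"])
    except (KeyError, ValueError, ArithmeticError, AttributeError):
        return "reject", "malformed quantity"
    # "account" is the contract that executed the transfer, i.e. the token's issuer.
    expected = TRUSTED_TOKENS.get((action.get("account"), symbol))
    if expected is None:
        return "reject", f"{symbol} issued by untrusted contract {action.get('account')}"
    if precision != expected or amount <= 0:
        return "reject", "wrong precision or non-positive amount"
    return "accept", f"{amount} {symbol} from {data['from']}"

# Constructed sample actions: one genuine EOS transfer, one look-alike token.
SAMPLE_ACTIONS = [
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice1111111", "to": "exchange1111",
              "quantity": "10.0000 EOS", "memo": "buy"}},
    {"account": "fakeissuer11", "name": "transfer",
     "data": {"from": "fakeissuer11", "to": "exchange1111",
              "quantity": "1000.0000 EOS", "memo": "buy"}},
]

if __name__ == "__main__":
    for act in SAMPLE_ACTIONS:
        print(classify_deposit(act, "exchange1111"))
```

Both sample transfers carry the same symbol and precision; only the `account` field distinguishes them, which is why an order pipeline has to key balances on the pair rather than on the symbol.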