Newdex has confirmed that it was hacked by attackers who created fake EOS and flooded the exchange with it. As much as $58,000 was stolen from users.
Newdex, a decentralized exchange, has just confirmed that its platform was hacked by attackers who managed to steal $58,000 from its users.
The hackers created an EOS-based token, also named EOS, and used it to trade on the Newdex platform. After the token was created, as many as 1 billion fake EOS were transferred to a Newdex account. The fake EOS were then transferred multiple times before an account finally used them to trade.
Using the account “iambillgates”, the hackers tried to purchase IPOS and ADD. When they saw that the transactions were successful, they began placing large orders to purchase BLACK, IQ and ADD.
The purchased tokens were then transferred to several accounts before finally being sold to Newdex users. The hackers obtained 4,028 real EOS, or around $20,642 at the current rate, from this transaction. These were successfully deposited to Bitfinex in 3 transfers, although some are still left in the Newdex account.
According to The Next Web, the hackers were “utilizing” 2 obvious security gaps. Firstly, it only takes an EOS account to create a new token, which can be named anything, including the EOS name itself.
Secondly, it turns out that Newdex, which claims to be a decentralized exchange (its website says “The first EOS based decentralized exchange in the world”), is not really decentralized, as it is not actually using smart contracts.
In the recent incident, the absence of smart contracts in the exchange meant “there was nothing to confirm the authenticity of the cryptocurrency being pumped into it”.
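The check whose absence is described above, as an added example (not Newdex's code and not from the article): a deposit handler that identifies a token by its issuing contract account as well as its symbol. It assumes real EOS is issued by the `eosio.token` contract with 4 decimals; `exchangeacct`, `fakeissuer11`, `someaccount1` and the sample actions are constructed.

```python
from decimal import Decimal

# Assumption: real EOS is issued by the system token contract with 4 decimals.
TRUSTED_TOKENS = {"EOS": ("eosio.token", 4)}
EXCHANGE_ACCOUNT = "exchangeacct"  # hypothetical deposit account

def parse_quantity(quantity):
    """Split an asset string like '1.0000 EOS' into (amount, precision, symbol)."""
    amount, symbol = quantity.split(" ")
    precision = len(amount.partition(".")[2])
    return Decimal(amount), precision, symbol

def accept_deposit(action):
    """Return (ok, reason) for one action seen in the deposit account's history."""
    if action.get("name") != "transfer":
        return False, "not a transfer"
    data = action["data"]
    if data["to"] != EXCHANGE_ACCOUNT:
        return False, "not addressed to the exchange"
    try:
        amount, precision, symbol = parse_quantity(data["quantity"])
    except (ValueError, ArithmeticError):
        return False, "malformed quantity"
    trusted = TRUSTED_TOKENS.get(symbol)
    if trusted is None:
        return False, "unlisted symbol"
    contract, expected_precision = trusted
    # The symbol is only a label; the issuing contract account is the identity.
    if action["account"] != contract:
        return False, f"{symbol} issued by {action['account']}, expected {contract}"
    if precision != expected_precision or amount <= 0:
        return False, "wrong precision or non-positive amount"
    return True, "credited"

# Constructed sample actions (not taken from the chain).
SAMPLE_ACTIONS = [
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice", "to": "exchangeacct",
              "quantity": "12.5000 EOS", "memo": ""}},
    {"account": "fakeissuer11", "name": "transfer",
     "data": {"from": "someaccount1", "to": "exchangeacct",
              "quantity": "1000000000.0000 EOS", "memo": ""}},
]

if __name__ == "__main__":
    for a in SAMPLE_ACTIONS:
        print(a["account"], a["data"]["quantity"], accept_deposit(a))
```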
While the exchange has apologized for the incident and stated that it takes responsibility for the entire loss, its official announcement contains no statement about compensation for the affected users.
As for EOS, another recent incident, exploiting EOSBet’s smart contract, was also reported by Chepicap just days ago.