Hackers managed to breach a crypto exchange, Newdex, with fake EOS tokens. As a result of the operation, almost $58,000 was stolen directly from the exchange.
Newdex, a decentralized exchange, was targeted when the hackers flooded it with almost 1 billion fake EOS tokens that they reportedly created themselves. The tokens used for the hack were created on an EOS platform and were also named EOS. The attackers unjustly purchased IQ, BLACK and ADD tokens from the exchange. The exchange confirmed the scam, later naming the account that performed it as “001122334455”. The exchange also verified that almost 11,800 fake orders were placed using the fake EOS coins. The exchange apologized for the breach, but made no promise of any compensation.
How did the hack take place?
An early investigation attributed the breach to two causes. The first is that anyone can make their own token on EOS and name it anything they want, including EOS. The second is that Newdex doesn’t require smart contracts, which makes it impossible to confirm that the tokens pumped into the system are what they seem to be. Without a smart contract, users of the exchange are simply sending funds to a personal EOS account in the hope that the trade will be conducted properly.
This is because developers are trading on the popularity of DEXs (decentralized exchanges) and presenting their exchanges as one. Additionally, before the incident it had been shown that Newdex is not a real DEX, and it was stated that Scatter is presented as a trading and login interface to make it look like a DEX. In reality, users are transferring funds to regular EOS accounts that have no smart contracts.
This is referred to as Newdex pocket, which is an EOS account with no smart contracts, meaning that the users are sending funds to a regular EOS account, with no actual confirmation that they are making a real transaction.
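The first cause above (a token's name is only a label) is what a deposit check has to account for. The following is an added example, not Newdex's code: it validates a decoded transfer action by its issuing contract rather than its symbol. It assumes the genuine EOS token is issued by the `eosio.token` system contract with 4 decimal places; the deposit account `exchangeacct`, the contract `fakeissuer11` and both sample actions are constructed for illustration.

```python
from decimal import Decimal

# Assumption: genuine EOS is issued by "eosio.token" with 4 decimal places.
TRUSTED_TOKENS = {"EOS": ("eosio.token", 4)}
DEPOSIT_ACCOUNT = "exchangeacct"  # hypothetical deposit account name

# Constructed sample actions: same symbol and amount, different issuing contract.
SAMPLE_GENUINE = {"account": "eosio.token", "name": "transfer",
                  "data": {"from": "alice1111111", "to": "exchangeacct",
                           "quantity": "10.0000 EOS", "memo": "order"}}
SAMPLE_FAKE = {"account": "fakeissuer11", "name": "transfer",
               "data": {"from": "mallory11111", "to": "exchangeacct",
                        "quantity": "10.0000 EOS", "memo": "order"}}


def parse_asset(quantity):
    """Split '1.0000 EOS' into (Decimal amount, precision, symbol)."""
    amount_str, symbol = quantity.split(" ")
    _, _, frac = amount_str.partition(".")
    return Decimal(amount_str), len(frac), symbol


def validate_deposit(action):
    """Return (ok, reason) for one decoded transfer action."""
    if action.get("name") != "transfer":
        return False, "not a transfer action"
    data = action.get("data", {})
    if data.get("to") != DEPOSIT_ACCOUNT:
        return False, "not addressed to the deposit account"
    try:
        amount, precision, symbol = parse_asset(data.get("quantity", ""))
    except (ValueError, ArithmeticError):
        return False, "malformed quantity"
    if symbol not in TRUSTED_TOKENS:
        return False, "unlisted symbol"
    contract, want_precision = TRUSTED_TOKENS[symbol]
    # Decisive check: the issuing contract account, not the symbol text,
    # identifies the token.
    if action.get("account") != contract:
        return False, "symbol issued by untrusted contract"
    if precision != want_precision or amount <= 0:
        return False, "bad precision or amount"
    return True, "ok"


if __name__ == "__main__":
    for sample in (SAMPLE_GENUINE, SAMPLE_FAKE):
        print(sample["account"], validate_deposit(sample))
```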
Another problem is that the Newdex app EOS account's active and owner permissions use the same keys. This gives hackers a path to exploit the exchange, in contrast to competitors that have multi-signature wallets.
In the end, the Newdex hack might not be one of the most prominent hacks, but it definitely is a big blunder. What matters the most is that it might affect people’s opinions on DEX and decentralized internet to a great extent.
In stark contrast, centralized crypto-exchanges provide better security against hacks. Platforms like PCEX are safeguarded using the Clark-Wilson model of security architecture with a focus on data integrity. The platform also has a broker channel and all trades are placed through the sub-brokers, adding another layer of security.
Do you think centralized exchanges are safer than decentralized exchanges? Comment below.