Hacker Uses Malicious Smart Contract to Trick EtherDelta Users

EtherDelta is quickly becoming one of the go-to solutions when it comes to exchanging ERC20 tokens. In fact, there is no token that can’t theoretically be traded on this platform. Unfortunately, the protocol was targeted by hackers a few days ago, in the form of a malicious code injection. Thousands of dollars worth of cryptocurrency was stolen in the process. This attack vector has been fixed already, which is a good sign.

EtherDelta “Hack” is Pretty Disconcerting

No one will be surprised to learn EtherDelta has become one of the more popular ERC20 trading platforms in the world today. Most major exchanges hardly list any ERC20 tokens these days, although the more prominent ones can be found eventually if one has enough patience. For those users who can’t be bothered to wait, however, there is EtherDelta. It is a convenient solution which provides quite a few liquid markets these days.

What makes EtherDelta so appealing is how the entire “exchange” is one smart contract. This is a good example of how powerful such smart contracts can be and how they can be used for many different purposes. This clever use of smart contract technology removes the need for centralized servers. In fact, this is a true decentralized application, of which we can only hope to see more moving forward. That doesn’t mean EtherDelta is completely safe from hacks, however.

It seems someone successfully injected malicious code into the EtherDelta “project”. More specifically, an unknown assailant started distributing a link to an unlisted EtherDelta token to cryptocurrency enthusiasts all over the world. Somehow, this link also made its way to the official EtherDelta chat room, which made it appear all the more legitimate. In reality, the URL linked to a malicious smart contract deployed by the attacker. The contract is a piece of JavaScript code which, when executed, gives the assailant full access to the data in the user’s session on EtherDelta.

To put this into normal language, the smart contract allowed the attacker to read the private keys belonging to users’ EtherDelta wallets from the browser session directly. Said private keys were then sent to a PHP script, which allowed the hacker to successfully take over the wallets in question and empty account balances with relative ease. Most victims didn’t even realize the attack was taking place, considering the EtherDelta interface runs a lot of JavaScript code already. Plus, the wallets used to collect user funds are different from the information contained in the contract itself.

Although it is unclear exactly how much money was stolen, it appears several thousands of dollars worth of cryptocurrency is now in the hands of an unknown assailant. All of this goes to show cryptocurrency users should never trust custom token URLs related to EtherDelta or any other platform providing any functionality. The EtherDelta team has ensured such exploits can no longer be performed in the future, which is a positive turn of events. This does mean there is no trustless exchange model in existence right now, though, which is not entirely surprising.
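On the defensive side, the lesson for any web front end that accepts custom token links is to treat both the link and anything the contract reports about itself as untrusted text. The sketch below is an added example, not EtherDelta's code or its actual fix; the link shape `#<address>-<quote>`, the host `exchange.example` and the function names are hypothetical, and it assumes the hostile script reached the page through link- or contract-supplied text, a detail the article does not spell out.

```javascript
// Added example (hypothetical names): validate a custom token link and
// neutralise contract-supplied metadata before it is ever placed in a page.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;   // an Ethereum address, nothing else
const QUOTE_RE = /^[A-Z0-9]{2,10}$/;        // short ticker for the quote side

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Accept only "#0x<40 hex>-<QUOTE>"; any other fragment is rejected outright
// rather than repaired, so no attacker-chosen text survives parsing.
function parseTokenLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return null;                            // not a URL at all
  }
  const parts = url.hash.slice(1).split('-');
  if (parts.length !== 2) return null;
  const [address, quote] = parts;
  if (!ADDRESS_RE.test(address) || !QUOTE_RE.test(quote)) return null;
  return { address: address.toLowerCase(), quote };
}

// Name and symbol come from the token contract, i.e. from whoever deployed it.
// Strip control characters, cap the length, then escape for HTML output.
function safeTokenLabel(meta) {
  const clean = (value) =>
    escapeHtml(String(value ?? '').replace(/[\u0000-\u001f\u007f]/g, '').slice(0, 32));
  return { name: clean(meta.name), symbol: clean(meta.symbol) };
}

// Constructed sample inputs, not taken from the incident.
const goodLink = 'https://exchange.example/#0x' + 'ab'.repeat(20) + '-ETH';
const badLink = 'https://exchange.example/#<script>-ETH';
console.log(parseTokenLink(goodLink));      // parsed address and quote
console.log(parseTokenLink(badLink));       // null
console.log(safeTokenLabel({ name: '<script>x()</script>', symbol: 'TKN' }));
```

Escaping is only one layer: a Content-Security-Policy that forbids inline script, and keeping private keys out of storage that page script can read, limit the damage if an injection still gets through.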

According to Christian Montoya, there is a lot more to this JavaScript code than originally assumed. Do keep in mind the official investigation is still ongoing and a lot of relevant information has yet to be revealed. It is not the first time a hacker has successfully stolen ERC20 funds, mind you, but it is the first time someone did so using EtherDelta URLs. Thankfully, it will also be the last time, but rest assured criminals will come up with new tricks before long.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
