How Hackers Exploit Vulnerabilities in Centralized Exchanges With False Deposit Attacks

2023-7-28 14:45

The blockchain security firm SlowMist has shed light on certain security vulnerabilities with centralized exchanges and how hackers use them to conduct false deposit attacks.

While blockchain technology is in its early stages, hackers are developing sophisticated techniques to steal funds from projects and users.

How Exchanges Deposit Funds to Users’ Wallet

When a deposit is made to a centralized crypto exchange, there are various steps before the amount is credited to the users’ address. The infographic below shows those steps, starting with a request for a deposit and the generation of a unique wallet for the user.

SlowMist’s infographic shows the steps during deposits in centralized exchanges.

However, hackers are tricking the process by sending counterfeit transactions that the exchange identifies as genuine deposits. SlowMist shared an example of the “TON Bounce-back False Top-up.”

Case Study of False Deposit Attack in TON

Hackers have exploited the vulnerabilities in the transaction for depositing Toncoin (TON), a project from the messaging platform Telegram. 

The screenshot below shows a transaction using the RPC interface. Generally, the centralized exchanges will verify if the users’ deposit address is mentioned in the “destination” of the “in_msg” property.

Checkout our article on 9 crypto wallet security tips to safeguard your assets

However, if the exchanges fail to notice the “out_msgs” property, they might credit the users’ accounts with funds without receiving the deposit. In layman’s terms, the “out_msg” property would refund the funds to its origin account.

Screenshot of the malicious transaction for false deposit attack. Source: SlowMist

SlowMist has also shared best practices to avoid false deposit attacks:

Multi-confirmation mechanism to avoid falling trap to false deposit attack    Rigorous transaction matching to ensure the transaction matches with normal transaction pattern A risk control system that could detect malicious transactions. Manual review for larger deposits and to decrease the system reliability. Enhancing API security to stop bad actors from accessing the system  Temporary withdrawal restrictions after a user’s wallet receives a deposit.  Regular security updates to fix the vulnerabilities, if any.

Got something to say about the false deposit attack or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or X (Twitter).

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

The post How Hackers Exploit Vulnerabilities in Centralized Exchanges With False Deposit Attacks appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

World Trade Funds (XWT) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 XWT

false attacks exchanges deposit hackers centralized exploit

false attacks → Результатов: 4


Sidechains vs Plasma vs Sharding

Special thanks to Jinglan Wang for review and feedback One question that often comes up is: how exactly is sharding different from sidechains or Plasma? All three architectures seem to involve a hub-and-spoke architecture with a central “main chain” that serves as the consensus backbone of the system, and a set of “child” chains containing actual user-level transactions.

2019-6-14 04:03