Millions of dollars in Ethereum could be stolen by attackers

Posted Feb 23, 2018 by James Walker
Flaws in smart contracts could allow attackers to steal millions of dollars in Ethereum, according to security researchers. Over 34,000 smart contracts are affected by vulnerabilities that could let anyone acquire the contents of cryptocurrency wallets.
Ethereum has risen to prominence as a blockchain network for smart contracts. These contracts are supposed to offer transparency and security for value transfers. However, researchers have discovered that flaws in their implementation could completely undermine the benefits they claim to provide.
As reported by Motherboard, a team of investigators has published a technical report on the issues. It details how over 34,200 smart contracts are vulnerable to a hijacking technique that allows the theft of Ethereum coins. The team comprises researchers from the National University of Singapore, Singapore Yale-NUS College and University College London.
To uncover the problems, the researchers deliberately interacted with the blockchain in an unusual way. They likened it to trying to get a vending machine to serve you for free, by "randomly pushing buttons" until a result occurs.
After downloading the entire Ethereum blockchain, they began interacting with the smart contracts that reside on it. By iterating on these downloaded copies, they were able to find an assortment of vulnerabilities that could give an attacker complete control.
Of the 34,000 contracts identified, 3,759 were selected to test a series of real-world exploits. Using the testing suite, the vulnerabilities were reproduced with an 89 percent success rate. If they were successfully exploited, over $6 million worth of Ethereum could be stolen from the contract owners.
Smart contracts have been successfully infiltrated in the past. Last year, a user known as "DevOps1999" successfully claimed ownership of a smart contract code library and managed to steal $150 million in Ethereum. The user exploited vulnerabilities in the Parity wallet. Parity hasn't managed to recover all the funds.
The research findings demonstrate that Parity's far from the only smart contract provider to be at risk. The team has tried to contact the creators of the vulnerable contracts but has not yet succeeded. The serious flaws could jeopardise the blockchain's growing role in industry, as it's now clear that many supposedly secure systems are anything but. However, the issues are difficult to reproduce and haven't been publicly disclosed, so the possible impact is mitigated for now.