Hong Kong-based OKEX, the third largest cryptocurrency exchange in the world by trade volume, suspended all ERC20 token deposits April 25 after the discovery of what developers say is a “new smart contract bug.”
In a blog post, the exchange confirmed that the bug, called BatchOverFlow, was allowing malicious parties to “generate an extremely large amount of tokens, and deposit them into a normal address.”
“This makes many of the ERC-20 tokens vulnerable to price manipulations of the attackers,” they warn.
To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed.”
The events come just one day after a DNS exploit saw some users of ERC20 wallet resource MyEtherWallet inadvertently interact with a phishing website, exposing their login data and funds.
While some sources erroneously attributed the attack to weaknesses within MyEtherWallet’s infrastructure, developers subsequently refuted the claims.
As of press time, the source of the OKEX problem remains unknown.
The exchange has “contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” it adds, while customer deposits already sent will be credited once the situation has normalized.