Are Tron Dapps At Risk For Vulnerabilities As A Result Of TronBank Dapp Attack?

The decentralized app (dApp) ecosystem that has been supported and developed by Tron has been growing at impressive speeds. Limited congestion and impressive security have made it a safe place for consumers to engage in new uses for crypto assets. However, after the dApp TronBank was targeted with fake coins, the security of this platform is being challenged, and much of the community is left wondering how the attack will impact vulnerabilities in the ecosystem.

The dApp TronBank was targeted on April 10th this week, resulting in the theft of 170 million BTT tokens. Fake coins, called BTTx, were used to trigger the “invest” function, and the contract did not check whether the token ID matched the authentic BTT ID, 1002000. Many people were surprised that the attack even happened in the first place, but a security firm named SlowMist tweeted that it had found vulnerabilities exposed for the TRC 10 token standard.

Ultimately, SlowMist said that the smart contract on TronBank did not check msg.tokenid. Because the transaction had already accepted the fake BTT, it was easy for the attacker to hold a balance in the contract and then withdraw it at the real value of BTT.

The platform took a little while to evaluate the incident and come up with an explanation for how it happened. On April 11th, the security firm found other projects with the same security issue during a check of other open-source code on GitHub. An article from Coingape revealed five contract addresses that reflected these security concerns:






The Beosin security team performed an analysis to determine the causes of the problems, arriving at two conclusions.

  1. There is not enough research on the mechanism of the TRON token, and it may just be learning from Ethereum’s mechanisms.
  2. The attacker is using methods that have already been used in other attacks, like the fake EOS method.

Based on this data, the team said that both “msg.tokenvalue” and “msg.tokenid” should be evaluated to see if they meet expectations when crypto assets are received. The team also offered a way to repair the vulnerable code. So far, official communication has not been established directly, but CEO and founder Justin Sun tweeted that they were working with security firms to correct this damage.
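The check described above, sketched as an added example in TRON Solidity. This is not TronBank's contract or Beosin's published fix; the contract and function names are hypothetical, and only the BTT token ID 1002000 and the two `msg` fields come from the article.

```solidity
pragma solidity ^0.4.25;

// Added illustration, not TronBank's code. Contract and function names are hypothetical.
contract Trc10DepositExample {
    // Credited balance per investor, denominated in BTT units.
    mapping(address => uint256) public balances;

    // Vulnerable pattern: credits the caller for whatever TRC 10 token
    // arrives with the call. msg.tokenid is never inspected, so a
    // worthless token is booked as if it were BTT.
    function investUnchecked() public payable {
        balances[msg.sender] += msg.tokenvalue;
    }

    // Hardened pattern: evaluate both msg.tokenid and msg.tokenvalue
    // on receipt, and reject the call if either is unexpected.
    function invest() public payable {
        trcToken btt = 1002000; // authentic BTT token ID given in the article
        require(msg.tokenid == btt, "unexpected token id");
        require(msg.tokenvalue > 0, "no tokens sent");
        balances[msg.sender] += msg.tokenvalue;
    }

    // Withdrawals always pay out real BTT, which is why an unchecked
    // deposit path turns a fake-token credit into a real-token loss.
    function withdraw(uint256 amount) public {
        trcToken btt = 1002000;
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount; // update state before the transfer
        msg.sender.transferToken(amount, btt);
    }
}
```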

Bitcoin Exchange Guide