Hackers Flood Newdex Coin Exchange with 1 Billion Fake EOS to Steal $58,000 Worth of Real Digital Assets
Hackers flood the Newdex Coin Exchange with 1 billion fake EOS and steal $58,000 worth of legitimate Digital Assets
Owing to a security flaw, one of the decentralized coin exchanges was hacked and $58,000 worth of crypto coins is now in the wrong hands. The hackers managed to pull this off by creating around 1 billion fake EOS altcoins and flooding them on the Newdex cryptocurrency exchange.
This is clearly one of the reasons crypto investors are advised that the digital assets are highly volatile bearing a good percentage of unpredictable risks.
The hack has since been confirmed by the Newdex team whom admit that an EOS-built altcoin also named ‘EOS’ was developed to create confusion within its market. The fake token was used to buy a couple legitimate digital assets that include the ADD, IQ & BLACK tokens.
According to the statement by Newdex, the hackers used an EOS crypto account with the following no. oo1122334455 to issue the 1 billion counterfeit EOS cryptocurrencies. Once the hackers had tested the probability of getting away with the hack, they used the account to make orders to buy digital assets totaling to 11,800 filings. It is in this process that they exchanged the fake altcoins for ADD, IQ and BLACK digital currencies.
The crypto coin bandits later exchanged the purchased digital assets for real EOS cryptocurrencies. Newdex was left to account for its losses together with that of affiliate DApps built on this platform. Stats reported by the coin exchange reveal that the hackers got away with 4,028 EOS altcoins whose worth is around $20,000. The transactions done to hide the stolen digital assets were linked to crypto coin exchange Bitfinex desk.
At the moment, Newdex’s team is yet to start planning on compensating its stake holders but have expressed their uttermost regret and apologies for this incident.
This situation appears to have been driven by two main factors; the pioneer is the grey area in creating a token on EOS. Users can build DApps on the EOS platform and have the freedom of choosing a name of their choice including ‘EOS’.
Newdex is also not a ‘smart contract’ oriented platform which leaves it vulnerable in the confirmation of transactions. Due to this inefficiency, the coin exchange was not able to know whether the fake EOS coins were authentic or not as would have been the case.
Sentiments from other crypto news sources have partially blamed EOS for this hacking. This is simply because the project is taking the advantage of the hype on Decentralized coin exchanges to handle more assets.
However, the approach lacks in the decentralization aspect given that EOS operates the opened accounts from its own ‘single’ account. The same had been echoed by its community just a couple days before Newdex was hacked,
[…] They deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it.
As of press date, the EOS ‘Newdexpocket’ account is yet to upgrade to smart contracts. This simply means that users within this platform are still transacting the EOS crypto coins hoping their orders will be filed correctly.
To make matters worse, the Newdex App EOS account has the active permissions and owners sharing the same keys. This creates an avenue for hackers to exploit the coin exchange in comparison to peer competitors that have multi-signature wallets. From an analytical point of the project’s fundamentals, not much detail was given to the keys compared to improving the security issues and leaving the ‘smart contract’ concept at this expense.