According to recent reports, hackers used $1 billion in fake EOS tokens to steal the funds of users who were trading on the Newdex decentralized cryptocurrency exchange.
Even though the attack has not yet affected EOS/fiat trading, it is a serious reminder that decentralized exchanges can’t be considered any safer than their centralized counterparts.
Newdex Confirmed the Attack
Confirmation of the malicious activity came soon after the attack, as the exchange admitted that $58,000 was stolen.
The EOS account oo1122334455 supposedly launched the attack by placing big sell orders to buy BLACK, IQ and ADD.
These newly acquired tokens were then exchanged for 4028 EOS, which was then transferred to one of the largest centralized cryptocurrency exchanges in the world, Bitfinex.
The Decentralized Exchange Dropped the Ball
It is interesting to know how the decentralized exchange let $1 billion of fake EOS get on their system in the first place.
Although Newdex states that “the platform is participant in EOS Ecology, and their vision is to give users a better-decentralized trading experience,” they failed to confirm whether the EOS tokens pumped into the exchange were real.
The only apparent reason we could find lies in the fact that anyone using the EOS framework, and having an EOS account, can issue such a token and even name it “EOS.”
Since Newdex doesn’t use smart contract security features, it couldn’t verify tokens’ authenticity.
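The check that was missing, sketched as an added example (not Newdex's code and not from the original article): on EOSIO a token is identified by its issuing contract together with its symbol, and the native EOS token is issued by the system account `eosio.token` with 4 decimal places. The struct, the function names, and the account names `dexdeposit11` and `fakeissuer11` are hypothetical.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Constructed model of an incoming transfer as a deposit handler would see it.
// Field and type names are hypothetical, chosen for this illustration.
struct Transfer {
    std::string contract;   // account of the token contract that executed the transfer
    std::string symbol;     // ticker, freely chosen by whoever issued the token
    uint8_t     precision;  // decimal places declared by the issuer
    std::string to;         // recipient account
    int64_t     amount;     // amount in smallest units
};

enum class Verdict { Accept, WrongContract, WrongSymbol, WrongRecipient, BadAmount };

// Assumed weak check: trusts the ticker alone, so any token named "EOS" passes.
bool symbol_only_check(const Transfer& t) { return t.symbol == "EOS"; }

// Hardened check: the issuing contract is verified before anything else,
// because the symbol and precision can be copied by any account.
Verdict check_eos_deposit(const Transfer& t, const std::string& exchange_account) {
    if (t.contract != "eosio.token") return Verdict::WrongContract;
    if (t.symbol != "EOS" || t.precision != 4) return Verdict::WrongSymbol;
    if (t.to != exchange_account) return Verdict::WrongRecipient;
    if (t.amount <= 0) return Verdict::BadAmount;
    return Verdict::Accept;
}

// Credits only deposits that pass the hardened check; returns the units credited.
int64_t credit_deposits(const std::vector<Transfer>& batch,
                        const std::string& exchange_account) {
    int64_t credited = 0;
    for (const auto& t : batch)
        if (check_eos_deposit(t, exchange_account) == Verdict::Accept)
            credited += t.amount;
    return credited;
}
```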
No Word of the Refund
Obviously, the responsibility lies with the trading platform, as the development team behind it failed to ensure the minimum security needed to prevent the attack, and Newdex accepted that responsibility.
However, as of the time of writing, no official announcement regarding the reimbursement of the 11,803 users’ EOS lost in the attack has reached us.
The Community has Erupted
Since word of this hack reached the community, the accusations against Newdex have kept piling up.
“Newdex lied about being a true DEX (decentralized exchange). So this story doesn’t surprise me one bit. Assume and expect the worst from a project that actively lies to its users,” Redditor Amoanon said.
Another Redditor, Halperwire, raised a valid question: “How did the DEX not check if the EOS was valid before accepting it?”
The same Redditor responded to Newdex’s comment that the attacker had seriously undermined the ecological stability of EOS, declaring that “it sounds as if the fault does not fall on Newdex but the EOS platform itself.”
Is EOS’ Ecological Stability in Jeopardy?
It is a bit disheartening that anyone with an EOS account, using the EOS framework, can issue a token also called EOS, but the responsibility lies entirely with Newdex.
The decentralized exchange claims that they have dealt with the attack successfully, but the lack of security on their platform has given value to the worthless token, and that presents a big problem.
Even though the $58,000 stolen from Newdex’s clients is relatively small compared to other, much bigger, hacker attacks, overall trust in decentralized exchanges has been seriously undermined.
One way they could repair the damage (besides repaying the losses caused by their system), since they have already given value to the worthless token, would be to list it on their trading platform (as Useless Ethereum Token once was, and still is, indexed).
That way we would not call it fake EOS anymore, but it would be a real cryptocurrency asset with its founder, purpose, and a real name – Useless EOS Token (UET), or one more descriptive, EOS Hacking Token (EHT).
Or, maybe better: EOS paid a big bounty of $120,000 to a person who found vulnerabilities in their system, so why shouldn’t Newdex?