Fake EOS Creation Robs Newdex Exchange

Hackers used the EOS ecosystem to create one billion bogus tokens and then exchange them for real EOS.

The EOS ecosystem allows anyone to create a token of any name, and hackers have exploited that option, as explained in detail in a Reddit thread dealing with the attack. The Newdex exchange admitted to the hack, marking losses in BLACK, IQ, and ADD tokens.

The EOS attack resembles an older form of scams which affected the Waves platform and the NXT exchange service. These two platforms allow the creation of any token, as well as an internal exchange. In the case of WAVES, instances of faked Bitcoin (BTC) were not a rarity. Faked Ethereum (ETH) tokens have also caused confusion.

Reddit users also noted that the reason the fake EOS tokens were sold so easily and without verification was the lack of a smart contract. This means that Newdex does not act as a true decentralized exchange, so the parameters of the deposited digital asset were not checked.

Hackers managed to withdraw 4,028 real EOS and send them to Bitfinex. The total loss for the EOS ecosystem and Newdex users is 11,803 EOS.

But the bigger concern is that the lack of a smart contract means all deposits to Newdex are, in fact, at the mercy of human-based governance. A smart contract would ensure an immutable record of deposits and potentially guaranteed withdrawals. Using merely a deposit account gives no such assurance and proof of ownership of the deposit, making it no different from a regular exchange wallet.

According to DappRadar, Newdex had 453 users in the past 24 hours and clocked 12,474 transactions. It does not rank among the most used EOS dApps but remains among the more prominent services.

After the news, EOS prices slid under $4.80 but later recovered to $5.07. The relatively small losses did not manage to cause much of a stir since the market has absorbed hacks worth millions of dollars. But the blow on the EOS ecosystem, which follows the recent hack of the EOSBet casino, may start to weigh on its image. No signs of account freezes have surfaced.

Neither the author nor the publication assumes any responsibility or liability for any investments, profits, or losses made as a result of this information. Cryptocurrency trading and investing are risky propositions, and market participants are advised to always conduct thorough research.