Security Firm Exposes Tactics Behind Fake Deposit Attacks on Exchanges
- Security firm SlowMist reveals the alarming rise of fake deposit attacks targeting crypto exchanges.
- Attackers exploit system errors to deceive exchanges, obtaining crypto for free.
- The tactics include fabricating events, zero confirmation, and fake coins.
In a recent blog, blockchain security firm SlowMist revealed the alarming prevalence of fake deposit attacks targeting crypto exchanges. These attacks exploit system errors in exchanges’ deposit operations, allowing attackers to deceive the exchanges into crediting digital assets to their accounts without any actual payment.
The security firm outlined the typical deposit process in exchanges and noted that the decentralized architecture of blockchain prevents security measures from blocking such malicious transactions from scammers.
SlowMist clarifies that fake deposit attacks are not inherent blockchain vulnerabilities; instead, attackers exploit specific blockchain characteristics to create deceptive transactions.
SlowMist’s security team identified 12 common attack tactics. These include the “Zero Confirmation” technique, where the deposit transaction is credited before being included in a block, allowing attackers to invalidate it.
Another method is the “Fake Coins” attack, where the exchange credits users without distinguishing the type of deposited assets, leading to account credit errors.
Also, SlowMist noted that smart contracts are used to construct events similar to actual deposit events, called Fabricated Events, tricking the account verification program and causing misjudgment in user account credit.
It was further revealed that interface or data processing issues could cause the same transaction to be credited multiple times, leading to a double-spending attack.
The report emphasizes that fake deposit attacks severely threaten exchanges, necessitating emergency measures and preventive strategies to safeguard assets. By providing detailed case studies and Analysis, SlowMist aims to enhance the understanding of these attacks and their impact.
Over the past five years, SlowMist has publicly disclosed several fake deposit attacks, such as those targeting USDT, EOS, Ethereum Tokens, and Bitcoin. However, there are undisclosed classic and universal attack methods, indicating the importance of continued vigilance and proactive security measures in the crypto community.
To combat these deceptive practices effectively, SlowMist urges exchanges to fortify their defense mechanisms and ensure data integrity within their systems.
Comments
Post a Comment