As many as a dozen or more Ethereum-based ERC-20 smart contracts have been found to contain bugs that let attackers create as many tokens as they want.
While the bugs – first identified on April 22 and April 24, respectively, in a pair of posts published on Medium – aren't tied to the ERC-20 standard itself, the issues prompted a number of exchanges to suspend ERC-20 tokens as they investigate. Those exchanges included OKEx, Poloniex, Changelly, Quoine and HitBTC.
Huobi.Pro separately announced on April 25 that it had suspended all coins, but has since limited that to ERC-20-based tokens. As of press time, Poloniex has moved to reinstate services for ERC-20 tokens.
In one example, an attacker transferred a whopping 57,896,044,618,658,100,000,000,000,000,000,000,000,000,000,000,000,000,000,000.792003956564819968 BeautyChain Tokens – as shown by transaction data on Etherscan – on April 22, a development that prompted the initial investigation into the issue.
“Our study shows th..