Ethereum has broken the headlines for a number of different reasons this week. The big news of the week came as a result of a slight ‘flippening’ that saw XRP finally surpass Ethereum by market capitalisation, knocking Ethereum off the top spot that it has held for an awfully long time now.
What has happened here?
Ethereum is most known as the second most popular cryptocurrency in the world. Indeed, by market capitalisation this is no longer the case, after sinking value and sinking market capitalisation within Ethereum allowed XRP, the token native to Ripple’s technologies, to finally overtake Ethereum and hold on to the highly sought after, second place. This ‘flippening’ might only be temporary, though it does encourage many Ethereum investors to start asking questions.
This is down to a market that has really dragged cryptocurrency down over the past few days Bitcoin had slipped well past the vital $5,000.00 threshold and Ethereum itself has also hit some quite shocking lows. XRP on the other hand managed to keep hold of a big chunk of it’s value and managed to avoid falling into the trap that seems to have been set by Bitcoin. As a result of this, XRP has managed to climb up the rankings and retain some of it’s value, all thanks to what seems to be speculation surrounding XRP and the infamous Coinbase debate.
What I am saying here is that Ethereum hasn’t slipped down because of any of its own mistakes, Ethereum has simply dropped as a result of an organic market trend, whilst XRP has somehow managed to avoid getting sucked into this, hence the ‘flippening’.
Bad actors on the Ethereum network
As the title suggests, we are now going to explore bad actors on the Ethereum network, as it does seem that recently, Ethereum based tokens have been subject malicious activity. The Ethereum blockchain has been built to be decentralised and globally accessible. Anybody can engage in Ethereum, making it a perfect platform for investors, developers and general technology enthusiasts. It’s an open source haven for the tech savvy, which does sound like a good thing, right? This however can mean people with bad intentions can access the platform, which increases the likelihood of Ethereum products falling victim to hacks and malicious attacks.
An example of such a group of bad actors has been reported recently, after Ethereum developers ‘Level K’ reported the discovery of a vulnerability within the Ethereum network that allows hackers to mint GasToken whilst accepting Ethereum payments. According to CCN:
“By minting vast amounts of GasToken while receiving ETH, it would be possible at least in theory for such a griefing attack to become profitable to a bad actor. What is more, the risk is not limited to ETH, but also includes all Ethereum-based tokens such as those built on ERC-721 and ERC-20 standards.”
These minting attacks in essence, allow hackers to manipulate transactions (paid for by a legitimate user) which cause transaction sources (like exchanges for example) to have to pay for the extra computation power used in the transaction, this is known as gas on the Ethereum network. The gas payments are then sent to the hackers, who have in turn ‘minted’ new tokens.
Importantly, this hack could have impacted any token created on the Ethereum network, so not just Ethereum itself, but also ERC-20 and ERC-721 based tokens.
According to CCN, the report released by Level K goes into further detail, referencing a case study that aims to explain this type of attack in further detail:
“In the simplest exploit scenario, Alice runs an exchange, which Bob wants to harm. Bob can initiate withdrawals to a contract address he controls with a computationally intensive fallback function. If Alice has neglected to set a reasonable gas limit, she will pay transaction fees out of her hot wallet. Given enough transactions, Bob can drain Alice’s funds. If Alice fails to enforce Know Your Customer (KYC) policies, Bob can create numerous accounts to circumvent single-account withdrawal limits. In addition, if Bob also wants to make a profit, he can mint GasToken in his fallback function, and make money while causing Alice’s wallet to drain.”
Now we must note that hacks aren’t just localised to the Ethereum network, any cryptocurrency can be subject to hacks (yep, even the ultra secure ones), however the nature of Ethereum means that these sorts of hacks are more common, simply because there are so many tokens built upon the Ethereum protocol. One hack or vulnerability can impact many different tokens, basically.
As we have stated, Ethereum is an open source universe, one that is full of different products. A downside to this community culture is that it does mean that the risk of hacks and attacks is somewhat heightened, and the scale of these attacks can be far greater than we would expect to see on other, smaller blockchain networks.
Thankfully, the minting vulnerability discovered by Level K has now been addressed:
“Exchanges potentially affected by the vulnerability were notified privately on November 13, and because it was not possible to say exactly which ones had no protections in place, this notification was sent to as many exchanges as possible, all of whom have now implemented patches to fix the problem.”