Cryptocriminals have exploited an enormous security vulnerability on the Newdex decentralized digital assets exchange to steal nearly $58,000 from customers, by creating 1 billion fake EOS tokens, reported The Next Web on September 18, 2018.
Bad Actors Exchange Fake EOS Altcoins for BLACK, IQ and ADD Tokens
According to The Next Web, hackers succeeded in creating 1 billion EOS-based tokens on the Newdex exchange, named it ‘EOS’ and used the phony coins to purchase nearly 58K BLACK, IQ and ADD tokens before exchanging the tokens for real EOS coins.
Per a statement by Newdex, the cybercriminals placed a total of 11,800 fake EOS orders and siphoned 4,028 real EOS (roughly $20,000) to Bitfinex exchange.
In all, users of the platform have lost about $58,000 from the attack.
“EOS user oo1122334455 issued 1,000,000,000 fake EOS tokens. After carrying out a feasibility study of the hack, the account began to place massive buy orders. Fake EOS tokens totaling 11,800 were issued to purchase BLACK, IQ and ADD tokens,” stated Newdex.
The Newdex team has apologized for the ugly incident; however, no concrete plans have been made yet on how to reimburse the victims.
Newdex is Not a Decentralized Exchange?
In this new age of smart contracts, it’s quite surprising how a cryptocurrency exchange that claims to be entirely decentralized will function without smart contracts.
While decentralized cryptocurrency exchanges are far more secure as compared to centralized cryptocurrency trading platforms due to the presence of smart contracts, coupled with the fact that people’s’ private keys are not stored on a centralized database, the Newdex heist was only possible because there are no smart contracts to handle transactions on the site.
Although EOS allows users with an EOS account to develop own altcoins and give it whatever name they so desire, including EOS, on a fully decentralized cryptocurrency exchange running on highly functional smart contracts, it would have been impossible for the hackers to exchange fake EOS coins for real tokens.
Per TNW, Newdex is a completely centralized crypto trading platform disguising itself as a DEX, while in reality, a single user account handles all transactions on the platform.
They deceptively present ‘Scatter’ as the login and trading interface, so users feel they’re using a DEX, but the truth is funds are not sent to a smart contract. They are sent to Newdex’s account, ‘newdexpocket,’ which doesn’t even have a smart contract programmed on it.
Of a truth, Newdex is a horrible example of a decentralized cryptocurrency exchange.
However, there are quite many credible blockchain projects looking that have developed highly functional DEXs.
As previously reported by BTCManager, in July 2018, AlphaPoint cryptoassets startup launched DCEX decentralized exchange to service retail and institutional clients.