Security Firm SlowMist Discovers New Type of Attack on Crypto Exchanges
SlowMist experts have uncovered an attack that sends fake transactions to crypto exchanges, causing them to mistake the transactions for legitimate deposits and credit the funds to the attackers.
These attacks exploit bugs and system errors in how exchanges process deposit transactions.
Since 2018, SlowMist has identified several types of attacks, such as transactions that appear in the mempool but are never included in a block; transactions that are included in a block but not executed due to incorrect logic; double-spending; network forks that invalidate blocks and transactions; and transaction reviews.
As an example, the firm demonstrated how attackers used the last tactic to steal TON tokens, because almost all internal messages between smart contracts on the network must be “rejectable.”
To prevent these kinds of attacks, SlowMist’s experts suggest that crypto exchanges implement multiple-confirmation mechanisms, strict transaction matching, a risk control system, manual verification of large transfers, and time limits on the withdrawal of deposited funds.
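The failure cases and the first two mitigations above, combined into one crediting check. This is an added example, not code from SlowMist or any exchange. The record type, field names, confirmation threshold and sample transactions are constructed assumptions and do not correspond to any particular chain's API.

```python
from dataclasses import dataclass
from typing import Optional

MIN_CONFIRMATIONS = 12  # assumed policy value, tune per chain

@dataclass(frozen=True)
class ObservedTx:  # hypothetical, chain-agnostic view of one incoming transfer
    tx_hash: str
    to_address: str
    asset: str
    amount: int                  # smallest unit of the asset
    block_height: Optional[int]  # None while the transaction is only in the mempool
    block_hash: Optional[str]
    executed_ok: bool            # execution status reported by the node
    rejected: bool               # transfer was rejected and returned to the sender

def deposit_decision(tx, tip_height, canonical, deposit_address, asset, credited):
    """Return (credit, reason); canonical maps height -> hash on the best chain."""
    if tx.tx_hash in credited:
        return False, "already credited"
    if tx.block_height is None:
        return False, "mempool only"
    if canonical.get(tx.block_height) != tx.block_hash:
        return False, "block not on canonical chain"
    if not tx.executed_ok:
        return False, "included but not executed"
    if tx.rejected:
        return False, "rejected and returned"
    if (tx.to_address, tx.asset) != (deposit_address, asset) or tx.amount <= 0:
        return False, "recipient, asset or amount mismatch"
    confirmations = tip_height - tx.block_height + 1
    if confirmations < MIN_CONFIRMATIONS:
        return False, f"{confirmations} confirmations"
    return True, "ok"

def run_samples():
    canonical = {100: "blk-a", 111: "blk-c"}  # constructed chain view, tip at 111
    base = dict(to_address="dep-1", asset="TOKEN", amount=500,
                block_height=100, block_hash="blk-a", executed_ok=True, rejected=False)
    samples = [  # constructed sample transactions, one per failure case
        ObservedTx(tx_hash="good", **base),
        ObservedTx(tx_hash="pending", **{**base, "block_height": None, "block_hash": None}),
        ObservedTx(tx_hash="forked", **{**base, "block_hash": "blk-b"}),
        ObservedTx(tx_hash="failed", **{**base, "executed_ok": False}),
        ObservedTx(tx_hash="returned", **{**base, "rejected": True}),
        ObservedTx(tx_hash="wrong-asset", **{**base, "asset": "OTHER"}),
        ObservedTx(tx_hash="fresh", **{**base, "block_height": 111, "block_hash": "blk-c"}),
    ]
    return {t.tx_hash: deposit_decision(t, 111, canonical, "dep-1", "TOKEN", set()) for t in samples}
```

Only the sample named "good" is credited; every other sample is refused with the reason naming the check it failed.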