Fake 'Ethereum' to be Found in Play Market

Fake app costs 350 EUR and just display low res ETH logo
22 August 2018   533

An information security specialist from Slovakia, Lukas Stefanko, drew attention to the appearance of another "cryptocurrency" application on Google Play, which deceives users. At a price of 355 euros (about $ 388) the program simply shows the Ethereum logo on the screen, TheNextWeb reports.

Lukas Stefanko Twitter

It is noteworthy that the program has already had more than 100 downloads.

Another sign of the scam application was the name of the developer - Google Commerce Ltd. However, these programs developed by Google are signed by Google LLC.

After the hype in Twitter and several media, Google removed the program from its application store, and at the moment it is not available for download.

In late July, Google published a new version of the rules for developers of Android-applications, according to which several new categories of programs fall under the ban, including applications for bitcoin mining and other crypto-currencies

Ethereum VM May Have Vulnerability

The vulnerability is reported by NettaLab Twitter account
12 November 2018   128

On November 9, a statement appeared in Netta Lab’s Twitter account that the organization discovered a vulnerability in the Ethereum virtual machine that allows to execute smart contracts endlessly without paying for gas online. The researchers also allegedly turned to the operator of the American database of vulnerabilities, where they registered the corresponding discovery.

Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas being paied.

Netta Lab's Twitter

At Netta Lab's request, Google demonstrates the site of the netto.io project, which specializes in auditing smart contracts under the Netta Lab brand, but the Twitter accounts of the projects do not match. Note that the profile that reported the vulnerability was registered in November.

Many users expressed doubts about the authenticity of the information that appeared, but then the creator of the NEO project Da Hongwei said that he spoke with the CEO of Netta Labs and asked the researchers to audit the NEO virtual machine.

Nevertheless, Vitalik Buterin wrote on Reddit that this is a vulnerability in the Python-implementation of the virtual machine, which was first reported on GitHub 9 days ago. This means that the main clients (go-ethereum; parity and cpp-ethereum) are not affected.