The supplier of dApp-solutions Level K revealed the details of the vulnerability in the Ethereum network, which was reported on 9 November.
The developers talked about the attack called “vector for griefing”, which exploited the possibility of random calculations using the address to which Ethereum coins were sent.
The attack could be capitalized through the minting of GasToken tokens, tied to the cost of gas in the Ethereum network, due to random calculations when receiving ETH to your address, and the initiator of the transaction would have to pay for these actions. As a result, the exchanges that did not implement such precautions as gas limits were threatened.
At the same time, the vulnerability concerned not only Ethereum, but also ERC-20 and ERC-721 tokens. Thus, a potential attacker could not only deprive the “hot wallet” of some exchange of substantial funds by burning gas, but also enrich themselves.
At the moment, all trading platforms that have received notifications from Level K have implemented appropriate security measures.