Yesterday (18th September 2018) the news broke that a decentralised cryptocurrency exchange (DEX) called Newdex was hacked to the tune of roughly $58k due to their complacent design which lacked a smart contract.
While it may seem like a pittance in comparison to the more publicised and famous crypto hacks which have seen scammers escape with literally millions of dollars, it is still something which is worth noting and, personally, I think it emphasises the need for anyone who is intent on using a young exchange to thoroughly do their own research before making any deposits.
How It Happened
The way in which the opportunist scammers managed to steal the funds was by taking advantage of the system which Newdex decided to employ on their platform. A system which, if I am brutally honest, was naively constructed and places the blame entirely on those who manage the exchange.
As briefly mentioned, the Newdex exchange is a decentralised exchange, which means anyone can use it without signing up. You simply need a method of interacting with the blockchain which the DEX uses; in this case the blockchain was EOS and the method of connecting is the popular EOS app Scatter.
Generally speaking, DEXs tend to use smart contracts to verify all deposits and withdrawals from their system (see IDEX, EtherDelta & ForkDelta). This level of security ensures people do not, for example, buy OMG and end up receiving a fake ERC20 token falsely named the same.
However, due to their lack of a smart contract, the Newdex system allowed hackers to create a token on the EOS network and call it ‘EOS’. They then sent 1 billion fake EOS tokens to the Newdex exchange and traded them for BLACK, IQ and ADD tokens as if they were real EOS tokens. After collecting a significant amount of their selected tokens, the hackers proceeded to dump them to acquire a tidy sum of 4,028 real EOS tokens worth roughly $20k USD.
As you can probably piece together yourself, this hack left those who legitimately thought they were buying real EOS tokens out of pocket and Newdex is yet to inform the public as to whether they plan to reimburse those who were affected. The total amount of money which users are said to have lost amounts to roughly $58k USD.
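The missing check described above comes down to matching a deposit on its symbol alone instead of on the contract that issued the token. The sketch below is an added example, not Newdex's code: the deposit account, sender, issuer name and sample actions are constructed, and it assumes the exchange watches transfer actions and keeps an allow-list of issuing contracts.

```python
from decimal import Decimal

# Assumption: each listed symbol maps to the contract account that issues the
# genuine token and to its precision. eosio.token issues the real EOS.
LISTED_TOKENS = {"EOS": ("eosio.token", 4)}
EXCHANGE_ACCOUNT = "dexdeposit11"  # hypothetical deposit account


def parse_quantity(quantity):
    """Split an asset string such as '1.0000 EOS' into (amount, precision, symbol)."""
    amount_text, symbol = quantity.split(" ")
    precision = len(amount_text.partition(".")[2])
    return Decimal(amount_text), precision, symbol


def naive_accept(action):
    """Symbol-only check: any contract may issue a token called EOS and pass."""
    _, _, symbol = parse_quantity(action["data"]["quantity"])
    return action["name"] == "transfer" and symbol in LISTED_TOKENS


def strict_accept(action):
    """Credit a deposit only when the issuing contract matches the allow-list."""
    data = action["data"]
    if action["name"] != "transfer" or data["to"] != EXCHANGE_ACCOUNT:
        return False
    try:
        amount, precision, symbol = parse_quantity(data["quantity"])
    except (ValueError, ArithmeticError):  # malformed asset string
        return False
    contract, expected_precision = LISTED_TOKENS.get(symbol, (None, None))
    return (action["account"] == contract
            and precision == expected_precision
            and amount > 0)


def make_transfer(contract, quantity):
    """Build a constructed transfer action as a deposit watcher would see it."""
    return {"account": contract, "name": "transfer",
            "data": {"from": "alice1111111", "to": EXCHANGE_ACCOUNT,
                     "quantity": quantity, "memo": ""}}


# Constructed sample actions, not real chain data.
GENUINE = make_transfer("eosio.token", "10.0000 EOS")
FAKE = make_transfer("fakeissuer11", "1000000000.0000 EOS")

if __name__ == "__main__":
    for label, action in (("genuine", GENUINE), ("fake", FAKE)):
        print(label, naive_accept(action), strict_accept(action))
```

The symbol-only check accepts both deposits, while the strict check rejects the one whose issuing contract is not on the allow-list.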
How Can You Protect Yourself?
As with all crypto hacks which occur, this is something which will leave punters wondering what they can do to prevent themselves from falling victim to one of the many attacks which would leave them out of pocket. In simple terms, the answer is do your own research.
I know that is a statement which is bandied about the crypto-space like it is going out of fashion, but it is genuinely one of the most important phrases you will ever hear. While the blame for the Newdex hack falls unavoidably at the feet of the Newdex team, it must be said that anyone looking to interact with a dApp or exchange needs to be on top form when assessing the vulnerabilities which could appear as a result of using it.
This could seem like some really basic advice but, sadly, it is all that can be advised in our newly forming industry which is very akin to the wild west. Remember, if something is extremely new, give it a while to see if anyone notices something iffy about it. Especially if it is ‘the first of its kind’.
As we all await the Newdex announcement regarding reimbursing the funds of their users I am urging everyone in the EOS space to stick to established exchanges for the time being or risk falling victim to the next ‘hack’ which will undoubtedly happen in the future.