Why Could Hackers Sell Single Syscoin for 96 Bitcoins on Binance ?

The price of a little-known altcoin, syscoin, soared nearly 90% on June 4, from $0.22 to $0.41, according to coinmarketcap. And the cryptocurrency community was taken aback by the sudden rise of this token.

Why did skyscoin’s price skyrocket within 24 hours? Let’s take a look at the timeline:

Syscoin team said on Twitter around on Wednesday that it noticed a possible issue on the Syscoin blockchain, and had asked for exchanges to halt trading of its SYS cryptocurrency. The announcement was closely followed by unusual transactions on Binance’s SYS oder books: at one point one SYS on the platform hit a staggering 96 BTC (around $640,000).

Three hours after Syscoin’s Tweet, Binance, the world’s largest cryptocurrency exchange by trading volume, said in a blog post that its internal risk management system detected irregular trades from a number of API users, so the exchange suspended trading, withdrawals and other account functions.

Binance identified the incident was a phishing attack by API users. The exchange has removed all prior existing API keys and asked API users to recreate their API keys from their user account center. It also rolled back all the irregular trades, and would offer zero fee trading between July 5 through 14 for anyone who was negatively affected during the usual SYS trading activity.

So how did hackers manipulate the token price with the phishing attack?

Hackers exploited a loophole to create more than 1 billion new SYS at block height 87670, changing the total supply of the token from 888 million to 1.888 billion. Then they sent the fraudulently generated coins to Binance and stole several API keys to execute these high-priced sell orders, pushing the price of 1 SYS to as high as 96 BTC.

Bitcoin developer Jameson Lopp said that it was similar to the buffer overflow vulnerability that was exploited in bitcoin in 2010 that allowed someone to create 184 billion BTC. And SYS is not under a 51% attack, according to TNW.

In March, Binance was hit by a similar API-based attack, on that case using Viacoin(VIA). Hackers exploited compromised APIs to set ridiculously high sell orders on the victims’ accounts, dumped their illicitly obtained cryptos and then cashed out.

After investigation, Syscoin find the blockchain itself is safe and have requested exchanges to reopen SYS tradings.  Binance re-enabled trading of SYS on Wednesday afternoon.SYS is trading around $0.21 to press time,  down almost 21 percent over the 24-hour period.

< <上一篇