Millions of Dollars in Ether Remain at Security Risk – 34,200 Vulnerable Smart Contracts Discovered

Bitcoin might have seen unprecedented popularity over the past few months for its unpredictable dips and hikes, but it was Ethereum that managed to get most of the news space. While the currency has also experienced incredible growth over the last year, it has also been at the center of several cryptocurrency security issues and controversies. One of these was particularly devastating when it was revealed back in November that a user named Devops199 had unintentionally triggered a bug that froze $280 million in Ethereum.

Devops199 did that by essentially making themselves an owner of a smart contract. Much on that particular incident has already been discussed, but now it appears more millions could be at risk because there are over 34,200 of these contracts that potentially expose millions of dollars’ worth of ether to hackers.

Motherboard reported on research conducted by the National University of Singapore (NUS), Singapore’s Yale-NUS College and the UK’s University College London (UCL) that has revealed that thousands of smart contracts remain vulnerable. “A sample of roughly 3,000 vulnerable contracts that the team verified could be exploited to steal roughly $6 million worth of ether,” suggesting that a much larger sum could be potentially frozen or stolen.
Researchers downloaded entire Ethereum blockchain

Their research [PDF] documents a tool called MAIAN that the team developed to analyze nearly one million smart contracts for vulnerabilities which could lead to frozen coins or a total destruction of these contracts. The tool uses the entire Ethereum blockchain to make a private fork for testing purposes to make sure current contracts or funds aren’t disturbed.

“Imagine your goal isn’t to interact with the vending machine in a proper way, but rather you want to break it or get it to serve you for free,” Ilya Sergey, an assistant professor of computer science at University College London and co-author of the research told the publication. “Assume we put a few coins in the machine, and just start randomly pushing buttons hoping that the inner workings of the vending machine – which we have no knowledge about, springs and whatnot – eventually releases the latch so you can take the candy.”