The blockchain security firm SlowMist has shed light on certain security vulnerabilities with centralized exchanges and how hackers use them to conduct false deposit attacks.

While blockchain technology is in its early stages, hackers are developing sophisticated techniques to steal funds from projects and users.

When a deposit is made to a centralized crypto exchange, there are various steps before the amount is credited to the users’ address. The infographic below shows those steps, starting with a request for a deposit and the generation of a unique wallet for the user.

However, hackers are tricking the process by sending counterfeit transactions that the exchange identifies as genuine deposits. SlowMist shared an example of the “TON Bounce-back False Top-up.”

Hackers have exploited the vulnerabilities in the transaction for depositing Toncoin (TON), a project from the messaging platform Telegram. 

The screenshot below shows a transaction using the RPC interface. Generally, the centralized exchanges will verify if the users’ deposit address is mentioned in the “destination” of the “in_msg” property.

Checkout our article on 9 crypto wallet security tips to safeguard your assets

However, if the exchanges fail to notice the “out_msgs” property, they might credit the users’ accounts with funds without receiving the deposit. In layman’s terms, the “out_msg” property would refund the funds to its origin account.

SlowMist has also shared best practices to avoid false deposit attacks:

Got something to say about the false deposit attack or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or X (Twitter).

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

The post How Hackers Exploit Vulnerabilities in Centralized Exchanges With False Deposit Attacks appeared first on BeInCrypto.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

43 +