Hackers Steal $58,000 Using Fake EOS Tokens


Exploiting incompetence and misinformation, hackers have made off with 4,028 EOS from Newdex exchange, paid for with phony EOS tokens they created themselves. While more fault lies with Newdex than with EOS, the event is another negative headline for EOS. Because only $58,000 worth of crypto was taken, little is likely to change. But this hasn’t stopped some from complaining that EOS is ignoring the issue, is it safe to buy EOS?

Fake EOS Tokens: How Did This Happen?

fake eos hack
fake eos hack

It might seem that persons able to create EOS tokens to buy EOS would be high-level hackers, but the perpetrators of this recent fraud were simply opportunists. EOS is a smart contract platform, and EOS users can create dApps and digital tokens of their own. The fraudsters in this case simply thought that if they were to create an EOS token called “EOS”, they might be able to pawn it off on a vulnerable exchange.

They created their new “EOS” tokens (1 billion of them!) and found their vulnerable exchange in Newdex. Newdex has garnered attention by claiming to be the first decentralized exchange (DEX) on the EOS blockchain. Unfortunately, the exchange is not decentralized. It doesn’t use smart contracts for order matching, and relies to a large degree on human oversight.

This is how the EOS hackers were able to trade tokens they should never have been able to create, for cryptocurrency they should never have been able to buy. The person or persons behind the hack bought up Blackcoin, IQcash, and ADD in more than 11,000 individual orders. These tokens were then exchanged for real EOS tokens, which were then withdrawn to Bittrex exchange.

Newdex has acknowledged the hack but has announced no plans to give restitution to those who lost money. At this time, no direct response from EOS has been made.

The fake EOS hack is not a long term problem
The fake EOS hack is not a long term problem

Whose Fault is This?

It’s hard to blame EOS, though other blockchains should take note. It shouldn’t be possible for anyone to create a token that so resembles the token of its parent blockchain. This case of fraud was an attack of opportunity, and it would be somewhat difficult (but not impossible) for another fraudster to replicate it. In the future, parent token names should be off-limits for users creating their own digital coins.

The main fault lies with Newdex. The company had already been experiencing criticism for their seemingly deceptive advertising about their exchange. “DEX” is a hot topic in the crypto world, and every major blockchain protocol is unveiling their own decentralized exchange(s). Clearly, Newdex does not fit the bill, and this attack doesn’t speak well of their long-term potential.

In the end, this event doesn’t change much. It doesn’t speak to fundamental vulnerabilities in the EOS protocol. The fraudulent tokens were EOS tokens in appearance only. If anything, the attack shows how vulnerable centralized exchanges continue to be. Newdex had no way of verifying the phoney EOS tokens as authentic.

Readers are advised to take care when using new platforms, especially ones upon which digital currencies must be stored. This event is just another reminder about the dangers of centralized exchanges, as well as new untested applications. Fortunately no Newdex user incurred great losses.

Featured image source: Flickr

Leave a Reply

Notify of

Risk Warning: Investing in digital currencies, stocks, shares and other securities, commodities, currencies and other derivative investment products (e.g. contracts for difference (“CFDs”) is speculative and carries a high level of risk. Each investment is unique and involves unique risks.

CFDs and other derivatives are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how an investment works and whether you can afford to take the high risk of losing your money.

Cryptocurrencies can fluctuate widely in prices and are, therefore, not appropriate for all investors. Trading cryptocurrencies is not supervised by any EU regulatory framework. Past performance does not guarantee future results. Any trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Your capital is at risk.

When trading in stocks your capital is at risk.

Past performance is not an indication of future results. Trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Prices may go down as well as up, prices can fluctuate widely, you may be exposed to currency exchange rate fluctuations and you may lose all of or more than the amount you invest. Investing is not suitable for everyone; ensure that you have fully understood the risks and legalities involved. If you are unsure, seek independent financial, legal, tax and/or accounting advice. This website does not provide investment, financial, legal, tax or accounting advice. Some links are affiliate links. For more information please read our full risk warning and disclaimer.