原标题:USDT惊现重大漏洞,可导致“假充值”,各大交易所已暂停充提币
Original title: USDT revealed a significant gap that could lead to a “false charge”, and major exchanges have suspended the charging of coins
雷锋网消息,6月28日深夜,慢雾科技发布了一条针对USDT的预警和漏洞分析,提醒各大交易所尽快暂停 USDT 充值功能,并自查代码是否存在该逻辑缺陷。
Thunderbolt News, late in the night of 28 June, slow fog technology released an early warning and gap analysis for USDT, alerting major exchanges to suspend USDT charging function as soon as possible, and to check for such a logical flaw in the code.
#预警# #漏洞分析# 交易所在进行 USDT 充值交易确认是否成功时存在逻辑缺陷,未校验区块链上交易详情中 valid 字段值是否为 true,导致“假充值”,用户未损失任何 USDT 却成功向交易所充值了 USDT,而且这些 USDT 可以正常进行交易。
# # Gap Analysis# The Exchange has a logical flaw in making USDT-filling transactions to confirm success, the value of the valid field in the block chain details has not been verified as true, resulting in "false-filling", and the user has not lost any USDT to the Exchange, and these USDTs can be traded properly.
我们已经确认真实攻击发生!相关交易所应尽快暂停 USDT 充值功能,并自查代码是否存在该逻辑缺陷。
We have confirmed that a real attack has taken place! The relevant exchange should suspend the USDT charge function as soon as possible and check for itself if there is a logical flaw in the code.
这就相当于,你不用给你的银行账户上充钱,你的账户余额也可以蹭蹭往上涨,而且你还能立马进行交易。
It's like, you don't have to charge your bank account, your account balance can slip up, and you can make a deal right away.
预警和漏洞分析发出后,火币、OKEx各大交易所相继暂停USDT的充提:
Upon the issuance of the early warning and gap analysis, each of the major exchanges, OKEx, suspended the listing of the USDT:
据慢雾科技创始人余弦分析,USDT 的安全问题,是一种长得像 feature 的 bug,这种 feature 非常可怕,它需要技术人员的特别照顾,无法忽略。但是技术人员质量是参差不齐的或不小心来了个大意,导致 feature 没法被照顾好,一个定时炸弹就这样埋下了。
According to the cosmological analysis of the founder of slow fog technology, USDT's security problem is a feture-like bug, which is terrible and requires the special care of technicians, which cannot be ignored. But the quality of technicians is uneven and careless. But there's an idea that the technologists cannot be taken care of.
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论