Ethereum Name Service Auctions Halted Because of a Bug

Published at: Oct. 1, 2019

Ethereum Name Service (ENS) name auctions were halted because of a bug that resulted in names being awarded to the wrong users and for lower bids.

Faulty documentation

ENS’s editor Brantly Millegan announced the halt of the name auctioning service in a Medium article published on Sept. 30. He noted that most of the first auctions concluded successfully and only a few were affected by the bug. The anomalous result of some auctions had two distinct causes, one of which lies in documentation, not the software, according to Millegan.

Per the announcement, “some bidders were given incorrect information on how to bid using the JavaScript SDK.” As a result, they submitted invalid bids with wrong target fields, which meant that their bids were not considered in the auction.

A vulnerability has been discovered

The second issue, rooted in the software, is an input validation vulnerability that made it possible “to place bids on a name that actually issued a different name.” Malicious users reportedly used this vulnerability to issue themselves the names defi.eth, wallet.eth, apple.eth and others.

In an attempt to set things straight, bidders will be emailed instructions on how to resubmit valid bids, according to the article. At the same time, unfinalized affected auctions will be extended. Furthermore, all but 16 of the auctions affected by the vulnerability were halted before finalization.

A costly mistake

The vulnerability itself was identified and patched, so attacks of this kind will not be possible again. Still, Millegan admits that names that have been awarded to attackers in finalized auctions cannot be revoked and returned to the correct bidder. This feature is a double-edged sword that also has its advantages:

“ENS is designed such that we can’t revoke .ETH names once they have been issued. This is an intentional feature of ENS that ensures the owners of .ETH names a high degree of security. But it also means that mistakes, such as in this case, can be costly.”

As Cointelegraph recently reported, Fusion Network’s token swap wallet was compromised, resulting in roughly a third of FSN tokens being stolen.
