
Newly spotted Ethereum vulnerabilities put $1 billion at stake

Researchers this month disclosed multiple vulnerabilities in Ethereum smart contracts that, when exploited by attackers, can have devastating consequences.

These flaws let attackers tamper with “smart contracts,” the on-chain programs that govern cryptocurrency transactions much as real-world contracts govern agreements.

The flaws include:

  1. Integer underflow, which wraps a balance around to the maximum possible value of an Ethereum token. For example, an attacker with a zero balance can exploit an integer underflow flaw to end up holding the maximum value of an ETH token: approximately 4.3 billion.
  2. Integer overflow, which wraps a maximum balance around to zero.
  3. Unprotected withdrawal, which lets any actor withdraw Ether funds they should not have access to because the smart contract does not restrict who may call its withdrawal function.
  4. Unprotected self-destruct, which lets an attacker nullify a contract before a transaction completes and redirect the balance associated with that transaction to any arbitrary address.
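The four flaw classes above are easiest to understand by reproducing them. The following Python model is an added example for this article, not code from the researchers or from any real contract: it imitates EVM-style fixed-width unsigned arithmetic and a contract's owner check, so the same toy `Token` class can be run unhardened (reproducing each flaw) or hardened (reverting on each attempt). The account names, the `Token` class and the 32-bit width used to match the article's "approximately 4.3 billion" figure are constructed for the illustration; a width of 256 models the EVM's `uint256`.

```python
"""Toy model of the four smart-contract flaw classes listed above.
Added example: not the article's or CyberNews's code and not a real contract.
Account names and the Token class are constructed for this illustration."""
from dataclasses import dataclass, field


class Revert(Exception):
    """A hardened contract rejects the call; on the EVM the transaction would revert."""


def wrap(value: int, bits: int) -> int:
    """Unchecked arithmetic: the result silently wraps modulo 2**bits, as a uint does."""
    return value % (1 << bits)


def checked_sub(a: int, b: int) -> int:
    """Safe subtraction: revert instead of wrapping below zero."""
    if b > a:
        raise Revert("underflow")
    return a - b


def checked_add(a: int, b: int, bits: int) -> int:
    """Safe addition: revert instead of wrapping past the type's maximum."""
    if a + b >= (1 << bits):
        raise Revert("overflow")
    return a + b


@dataclass
class Token:
    bits: int = 256            # width of the balance type (uint256 on the EVM)
    hardened: bool = True      # False reproduces the flaws; True applies the fixes
    owner: str = "owner"
    balances: dict = field(default_factory=dict)
    ether: int = 0             # Ether held by the contract itself
    destroyed: bool = False

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def transfer(self, sender: str, to: str, amount: int) -> None:
        """Flaws 1 and 2: without checks the sender's and recipient's balances wrap."""
        if self.hardened:
            self.balances[sender] = checked_sub(self.balance_of(sender), amount)
            self.balances[to] = checked_add(self.balance_of(to), amount, self.bits)
        else:
            self.balances[sender] = wrap(self.balance_of(sender) - amount, self.bits)
            self.balances[to] = wrap(self.balance_of(to) + amount, self.bits)

    def withdraw(self, caller: str, amount: int) -> int:
        """Flaw 3: an unprotected withdrawal never asks who the caller is."""
        if self.hardened and caller != self.owner:
            raise Revert("withdraw: caller is not the owner")
        self.ether = checked_sub(self.ether, amount)
        return amount

    def self_destruct(self, caller: str) -> int:
        """Flaw 4: an unprotected selfdestruct hands the whole balance to the caller."""
        if self.hardened and caller != self.owner:
            raise Revert("selfdestruct: caller is not the owner")
        payout, self.ether, self.destroyed = self.ether, 0, True
        return payout


def underflow_balance(bits: int = 32) -> int:
    """Attacker with a zero balance sends 1 token; unchecked, the balance wraps to the maximum."""
    t = Token(bits=bits, hardened=False)
    t.transfer("attacker", "victim", 1)
    return t.balance_of("attacker")


def overflow_balance(bits: int = 32) -> int:
    """Holder at the maximum balance receives 1 more token; unchecked, it wraps to zero."""
    t = Token(bits=bits, hardened=False)
    t.balances["holder"] = (1 << bits) - 1
    t.balances["sender"] = 1
    t.transfer("sender", "holder", 1)
    return t.balance_of("holder")


def unprotected_drain() -> tuple:
    """A non-owner withdraws from, then self-destructs, the unprotected contract."""
    t = Token(hardened=False, ether=10)
    took = t.withdraw("attacker", 7)
    rest = t.self_destruct("attacker")
    return took, rest, t.ether, t.destroyed


def hardened_rejections() -> list:
    """The same four actions against the hardened contract: every one reverts."""
    t = Token(bits=32, hardened=True, ether=10)
    t.balances["holder"] = (1 << 32) - 1
    t.balances["sender"] = 1
    attempts = [
        lambda: t.transfer("attacker", "victim", 1),  # underflow
        lambda: t.transfer("sender", "holder", 1),    # overflow
        lambda: t.withdraw("attacker", 7),            # unprotected withdrawal
        lambda: t.self_destruct("attacker"),          # unprotected selfdestruct
    ]
    reasons = []
    for attempt in attempts:
        try:
            attempt()
        except Revert as e:
            reasons.append(str(e))
    return reasons
```

Running `underflow_balance(32)` returns 4,294,967,295, the "approximately 4.3 billion" figure quoted above, while `underflow_balance(256)` returns the full `uint256` maximum. The hardened path shows the two mitigations auditors look for: checked arithmetic on every balance update and an owner check on any function that moves Ether or destroys the contract. The model does not roll back partial state on revert the way the EVM does, which is one more reason to treat it as an illustration rather than a reference implementation.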

Six months of analysis reveal almost $1bn at stake

The researchers from the CyberNews.com Investigations team who disclosed these vulnerabilities said they analyzed Ethereum blocks spanning a six-month period.

“We scanned 6 months’ worth of blocks from Ethereum’s blockchain and found that 3,779 contracts have 13 different types of vulnerabilities, including 4 high-severity vulnerabilities,” state the researchers in a report.

The researchers have estimated the value of vulnerable smart contracts at almost $1 billion.

“The total value of these vulnerable smart contracts is 2,088 ETH, which equals $964,172.”

How can users protect themselves?

Users who rely on online Ethereum ledgers and services can review the smart contracts behind them using a blockchain explorer such as Etherscan.

Doing so shows whether a contract's source has been verified and whether it has been audited.

“If the smart contract has not been audited or verified, we’d recommend avoiding that particular platform or online service,” state the researchers.

The news follows a 2016 incident involving a weakness in Ethereum smart contracts that led to $50 million in losses.

Despite their claims of providing anonymity and freedom from centralized, government-regulated currencies, cryptocurrency systems are not without their flaws, and their funds can be seized by governments just as easily.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
