At least five cryptocurrency exchanges have suspended deposits and withdrawals of ERC-20 tokens after the discovery of a critical vulnerability in Ethereum smart contracts.

The first exchange to stop accepting deposits of all ERC-20 tokens was Hong Kong-based OKEx. The decision was due to the 'BatchOverFlow' vulnerability in Ethereum smart contracts, which allows scammers to generate huge amounts of tokens and transfer the created coins to normal addresses. When a sufficiently large value is passed to the contract, an integer in the code overflows, giving the attacker a massive number of tokens. This may allow criminals to manipulate the prices of ERC-20 tokens.
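The Python model below is an added illustration, not code from any affected contract. It shows why an unchecked 256-bit multiplication can create tokens and how a SafeMath-style check stops it. It assumes a batch transfer that debits the sender by recipient count times per-recipient value, a detail this article does not give; all names and sample values are constructed.

```python
UINT256_MAX = 2**256 - 1  # largest value an EVM uint256 can hold


def unchecked_total(count, value):
    """count * value as plain uint256 arithmetic computes it: modulo 2**256."""
    return (count * value) & UINT256_MAX


def checked_total(count, value):
    """SafeMath-style multiply: revert instead of silently wrapping."""
    product = count * value
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product


def batch_transfer(balances, sender, receivers, value, total_fn):
    """Toy batch transfer (hypothetical shape): debit the sender once by the
    computed total, then credit every receiver with the full value."""
    total = total_fn(len(receivers), value)
    if value == 0 or balances.get(sender, 0) < total:
        raise ValueError("insufficient balance")
    updated = dict(balances)
    updated[sender] = updated.get(sender, 0) - total
    for receiver in receivers:
        updated[receiver] = (updated.get(receiver, 0) + value) & UINT256_MAX
    return updated


def supply(balances):
    """Sum of all balances; a correct transfer must never change this."""
    return sum(balances.values())


if __name__ == "__main__":
    ledger = {"sender": 0}   # constructed ledger: the sender owns nothing
    value = 2**255           # constructed per-recipient amount
    after = batch_transfer(ledger, "sender", ["a", "b"], value, unchecked_total)
    print("supply before:", supply(ledger), "after:", supply(after))
    try:
        batch_transfer(ledger, "sender", ["a", "b"], value, checked_total)
    except OverflowError as exc:
        print("checked version rejected the call:", exc)
```

A supply invariant like `supply()` is also what an exchange-side monitor can check: a transfer that credits more tokens than it debits is an abnormal deposit.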

“There is no traditional well-known security response mechanism in place to remedy these vulnerable contracts!” wrote one researcher on Medium. “With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow.”

A few days ago, hackers took advantage of this vulnerability and managed to create and withdraw 8 vigintillion BeautyChain tokens from OKEx.

“To protect public interest, we have decided to suspend the deposits of all ERC-20 tokens until the bug is fixed. Also, we have contacted the affected token teams to conduct investigation and take necessary measures to prevent the attack,” OKEx wrote.

Following OKEx, Changelly reported that it had decided to temporarily suspend trading of ERC-20 tokens. It also indicated that the reason for the decision was the above-mentioned vulnerability. US-based crypto-exchange Poloniex, recently bought by Circle for $400 million, also decided to stop accepting deposits and withdrawals of ERC-20 tokens due to the BatchOverFlow vulnerability.

The exchanges Quoine, HitBTC and Huobi Pro made the same decision. The latter reported that fraudsters took advantage of the vulnerability in the Ethereum smart contract and created 65 novemdecillion SmartMesh tokens.


"Our system detected all abnormal deposits and did not credit them," Huobi Pro said in a statement.

Precise data on how many users were affected and which coins were exposed to the criminals' actions has not yet been received.