Researchers from the CyberNews team have discovered 13 different vulnerabilities affecting 3,779 ‘Ethereum’ contracts, holding 2,088 ETH ($973,000). “Smart contracts” are programs that run on the Ethereum blockchain, residing at a specific address on it.
They can be considered a type of accounts, so they have a balance and can engage in transactions. The discovery of security flaws in smart contracts means that a hacker could potentially steal the balance or intercept the transactions, both being extremely problematic presumptions.
The researchers scanned the Ethereum blockchain for vulnerable contracts for six months, and among the 13 vulnerabilities they’ve found, four are high-severity. These are the following:
If you are holding Ethereum, you should be worried but not panicking right now. To lose your crypto to hackers, you will need to have your deposit stored on a site or online service of some kind, and that platform will have to fall victim to a malicious smart contract attack.
So first, check if the service that holds your crypto uses smart contracts that are vulnerable to any of the 13 vulnerabilities, especially the four first. If the smart contracts have been audited and/or verified, they should be safe.
Developers can redo the smart contracts after fixing the code, which should remove the vulnerabilities and the associated hacking risk. CyberNews warns that this is actually something that has happened before, so the risk is not theoretical.
In 2016, hackers exploited smart contract code flaws to initiate multiple transfers without submitting them, eventually stealing $50 million from the venture capital fund of DAO (Decentralized Autonomous Organization).