Ethereum Smart Contracts Vulnerable to Hacks: $4 Million in Ether at Risk

About 34,200 current Ethereum smart contracts worth $4.4 million in ether are vulnerable to hacking because of bugs in poorly written code.

That's the alarming conclusion five researchers from the U.K. and Singapore reached in their report entitled “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale.”

In their paper, the authors identified three major categories of smart contracts that are easy targets for being hacked:

  • Greedy: These contracts lock funds indefinitely.
  • Prodigal: These leak funds to arbitrary users.
  • Suicidal: These contracts can be killed by any user.

Smart contracts and their code exist in a decentralized blockchain network. Blockchain is the technology that undergirds bitcoin. (See also: Understanding Smart Contracts.)

While smart contracts have been hailed for their ease of use and relatively lower costs, they are vulnerable to cyberhackers. In 2017, $500 million was lost or stolen due to poorly coded contracts, and one-half of those involved ethereum, reported. (See also: Second Major Ethereum Hack In a Week Leads to $34 Million Theft.)

“We’re dealing with applications that have two very unpleasant traits: They manage your money, and they cannot be amended,” the report's co-author Ilya Sergey, an assistant professor of computer science at University College London, told Motherboard.

The authors of “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale” analyzed 970,898 smart contracts and discovered that 34,200 of them are easy targets for hacking. That means about 1 in 20 smart contracts are at risk.

"The maximal amount of Ether that could have been withdrawn…is nearly 4,905 Ether," the authors wrote. Using today's price of about $894 per ETH token, that's almost $4.4 million.

The report added: “In addition, 6,239 Ether (about $5.6 million) is locked inside posthumous contracts currently on the blockchain, of which 313 Ether have been sent to dead contracts after they have been killed.” (See also: Ethereum Hacker Returned 20,000 Stolen Ether Worth $17 Million to CoinDash.)

Because researchers did not reveal which smart contracts are vulnerable, they're presumably safe from hackers – for now. But the report's co-author says given the multi-million-dollar jackpot they could uncover, it wouldn't surprise him if cyberattackers pounced. All it takes to identify the at-risk contracts is some work. “If someone wants to exploit this idea, they’ll have to do at least as much work as we did,” Ilya Sergey said.

Investing in cryptocurrencies and other Initial Coin Offerings ("ICOs") is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. As of the date this article was written, the author owns no cryptocurrencies.
