The EtherDelta hack: malicious JavaScript in a contract name, stealing the user’s private key

EtherDelta is a somewhat decentralised cryptocurrency exchange. You can’t cash out to actual money, but you can swap assorted ERC-20 tokens, including ones too small-time to get onto an exchange.

(Whenever a critic points out that the gateway between exchanges and actual money is the obvious control point for cryptocurrencies, advocates will cite EtherDelta as a totally decentralised counterexample — even though that doesn’t answer the objection, unless the corner shop started accepting ICO tokens when I wasn’t looking.)

EtherDelta is a couple of megabytes of minified JavaScript — only the minified version is available, not the original source — with a smart contract backing it. To use it, you go to the site, put in your Ethereum address and private key, then deposit some of your ETH into their contract. Fees are approximately 0.3% of volume. You can also use MetaMask, a Chrome browser plugin that runs an Ethereum wallet, rather than putting your private key in directly. (MetaMask users apparently weren’t susceptible to the present hack.)

Decentralisation is always more costly than a centralised approach, and this is true here as well. Trades happen on-chain, so there’s opportunities for arbitrage, miners front running traders, race conditions and slow order cancellations. And despite being provably worse than a centralised exchange, the “decentralised” exchange is still controlled by a single entity; it’s not like FinCEN can’t just call Zack Coburn about EtherDelta’s KYC/AML compliance.

You can trade any ERC-20 token at EtherDelta, including ones they don’t know about yet. You just put the contract address into the web page address. So, for example, lets you trade Useless Ethereum Token versus ETH.

It turns out that EtherDelta didn’t sanitise inputs, to make sure program code embedded in the data couldn’t run. In this case, when it scanned a token’s contract address for its name, it didn’t sanitise the name. So you could make it run JavaScript of your choice. With that you could do anything that JavaScript could do, e.g., steal someone’s Ethereum private key from their browser session.

The thief posted links to what they claimed were blog posts on , which immediately redirected to a Google redirect, and then to a link to EtherDelta with the exploit (which has been disabled). They apparently netted several thousand dollars.

Various suggestions have been posted as to how to trade securely on EtherDelta. You can be sure approximately 0% of users will do anything beyond reloading the web page, because “be your own bank!” means “be your own financial system chief security officer and researcher,” and users just assume that someone else has done the security legwork to decompile and inspect a smart contract or a huge pile of minified JavaScript. Meanwhile, they pick up their crypto trading tips at 4chan /biz.

Christian Montoya describes the hack, and some of the efforts to track down the perpetrator.

Further security problems with EtherDelta should be expected. “Uptrenda” at Reddit /r/buttcoin describes how EtherDelta is fully up to previous standards for Ethereum smart contracts involving money:

I was looking at the EtherDelta code not long ago and concluded it was too terrible to save.

The trade engine is so closely coupled with the transaction code that it’s impossible to re-use it for anything else; There seems to be no simple way to test the software or indeed any unit tests at all; The UI is literally a cluster f— of code with no clear separation; The smart contract is a monolithic file where the author has apparently never heard of a module before; The smart contract can only be used for one purpose and the fee logic is so tightly coupled that it reads like spaghetti code; Nothing is documented, there is no documentation at all.

I am glad we abandoned this software. I got as far as installing it and did some tests but I could see that everything would have to be re-written from scratch with solid engineering if we wanted to use it for anything practical.

I almost forgot the best part: the EtherDelta “smart contract” has race conditions on every order where a person can race to take the same order. This means that it’s impossible to calculate the price of an asset reliably (it actually incentivizes sybil attacks) or scale the exchange to any amount of volume. I am honestly surprised that the exchange even works at all given these issues.

Obviously none of its financial code has been audited by anyone to my knowledge. It was thrown online by some “solidity developer” who doesn’t even understand how a trade engine works… I wonder just how much gas has already been wasted due to race conditions or how many people lost money from its multiple asymmetric pricing vulnerabilities. I think bot authors would love this exchange as there are highly malicious trading strategies that would yield insane profits if you know what you’re doing.

It turns out that “I know JavaScript! How hard could running an exchange be?” is the new “I know PHP! How hard could running an exchange be?”

The attacker later updated the code of their malicious smart contract:

f`[¤ DATA <script> alert("powned") </script>


Become a Patron!

Your subscriptions keep this site going. Sign up today!

2 Comments on “The EtherDelta hack: malicious JavaScript in a contract name, stealing the user’s private key”

  1. I have had 2027 GRID tokens removed from myetherwallet 6 hrs after they arrived Grid plus ICO.
    They went to 0x2dd2fa545e53712d50fa4ae81743cce8bf560ab9 which I was told by the experts at Grid Plus is etherdelta .
    I would appreciate it if you could tell me if this is possible because it casts a shadow on the security of myether wallet.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.