Security Warning: Third-party token issuance platforms may leave backdoor codes to issue additional tokens and steal tokens

Beijing Lian'an Security Center recently received feedback from the project party that after the ERC20 contract was deployed to generate tokens, it was found that there were transfers of similar tokens from unknown sources on the chain. After investigation, it was found that the project party used a third-party ERC20 contract release platform in the process of setting and publishing the contract. While the platform automatically generated the contract code according to the project party's token supply and other settings, it added a section of code to privately issue 1% of the total supply of tokens and transferred them to the designated address.

According to Zer0Man, a security expert at Beijing Lianan, we conducted relevant tests on the platform. During the whole process, the platform did not give any prompts for the related multiple token issuance and private transfer, which is consistent with the experience of the project party. In essence, this is an act of leaving a malicious backdoor without the permission of its customers, aiming to issue multiple tokens and steal tokens, and then trade them for cash after they are listed on the exchange. Judging from the address it has left secretly, it has obtained the quota of seven tokens, and has transferred the tokens of the projects that have been traded online to the relevant exchanges.

Solemn statement: The copyright of this article belongs to the original author. The article is reproduced for the purpose of spreading more information. If the author information is marked incorrectly, please contact us as soon as possible to modify or delete it. Thank you.