Over the past couple of weeks, there has been a slew of headlines announcing the latest “hack” of a cryptocurrency exchange. This time the victimized exchange was Newdex, a controversial entity in and of itself. The thieves (a much more accurate term than “hackers”) stole some $58,000 in cryptocurrency by exploiting a vulnerability in the Newdex architecture. They bombarded the exchange with fake EOS tokens and, as Newdex later acknowledged, used them to purchase ADD, BLACK and IQ tokens. In all, nearly 12,000 purchase orders were executed with the fake EOS tokens, all stemming from a single account.
Once the thieves had purchased the ADD, BLACK and IQ tokens, they used them to purchase real EOS tokens. They then took those real EOS tokens and made for the hills, transferring them to Bitfinex. In all, Newdex users were saddled with a loss of approximately $58,000 at the valuations of the day. Newdex security was late in recognizing the charade and didn’t shut down the service until the thieves had taken their ill-gotten gains and left. According to exchange managers, repairs were made to the system to prevent a recurrence, and normal operations resumed about an hour later. Perhaps most curiously, Newdex, after apologizing, announced it had no plans to compensate for the losses, even though they occurred as a direct result of the system’s technical shortcomings.
The Problem with Newdex
Even though Newdex uses “dex” in its name, openly implying that it is a decentralized exchange, it is not, a fact that has led to accusations of fraud from some in the crypto-verse. To buttress the illusion that it is a decentralized exchange, Newdex uses Scatter for login and interface purposes. But it’s only a ruse, as smart contracts are not part of its MO the way they should be for any true decentralized cryptocurrency exchange today. Instead, orders are processed using a single account reserved for the exchange and matched using an off-chain centralized server. In response to criticism leveled at it in the wake of the recent theft, Newdex, instead of admitting its own deficiencies, laid the problem at the feet of the EOS network.
In the overall scheme of things, and in light of losses incurred by some other cryptocurrency exchanges, the $58,000 in losses incurred by Newdex customers seems like pretty small potatoes (and as we’ll see in a minute, it is). What makes the story newsworthy is that Newdex has been marketing itself as a totally decentralized exchange when it seems clear to anyone with a passing knowledge of how these things work that it is not. The whole fiasco also serves to embolden the regulatory crowd, which frustrates crypto-purists to no end.
Putting Things in Perspective
While $58,000 is no doubt a significant loss for those victimized by the Newdex theft, it’s not in the same league as the most significant cryptocurrency thefts of the past few years. Here are several of those to provide some perspective: