Full Report
How does a crypto exchange know when you sent it funds? Well, there is an address associated with the exchange. In particular, this is unique per user. A transfer is made to this address, which tells the exchange that you sent funds to them. The exchange needs to see this transfer happen via scanning for blocks. Finally, a specific amount of confirmations happen, validating that no reorg will occur. At this point, your exchange account will be credited with funds. Recently, Kraken feel victim to a false top off attack. This articles goes into several ways that this can be exploited, from their own experience. In the case of CertiK on Kraken, it was pretty simple! Kraken was looking for a deposit made to this address within a successful transaction via logs. However, the attackers sent over the funds in a contract then reverted this function call, only to be handled (and ignored) by an upper level call. All Kraken was looking for was a transfer within the transaction that on a successful call. Normally, I would guess that an event would be emitted for this to work. However, since it was transferring ETH directly, there is no event emitted. So, some weird and custom shenanigans has to be done for this. Apparently, the parsing being done was this didn't consider the case that CeritK tried. According to the Tweet, they tried this as several exchanges but only one of them worked. The first two are simple issues with blockchain confirmations. If a fork happens after only a single confirmation or it simply looks in the mempool, then you're super duper F'ed since the transfer could have already reverted. Certain quirks of systems that are unique to it can cause issues as well. The next set of issues deal with failures. If the transaction reverts, then the deposit shouldn't be counted, because the funds were never sent there in the first place. Type confusion can be an issue as well; getting one event to be processed as another type, such as in Felix's Polygon bug. Missing checks on the emitter of the smart contract are common as well. There is also double spending issues, where you can provide the same transaction twice or something like that. In the case of Bitcoin, where ownership is confusing, it may be possible to make a transfer accessible to an account but YOU actually have control over the funds still. They have a few other mentions of previous issues in other blockchains. The specific case study they reveal is about the TON blockchain integration issue, made by telegram. On the TON blockchain, is a cross contract call fails then it can bounce back. When this happens, a callback is made to the calling contract to fix whatever just happened. In the logs of the message, the field in_msg is used to determine the information. However, out_msgs will be the bounceback if it fails. If you only look at the in_msg and it bounces back, then leads to a false transfer. How do we prevent this? Rigorous transaction matching needs to be done in order for this to be secure. It must be a perfect match and nothing else. Second, checking balances before and after a TX is a good source of truth. Finally, having detection's in place is helpful; this sounds easy, but is non-trivial given that there exist a failure in the system that allowed this to happen in the first place. Overall, it's a good article on tricking off-chain infrastructure, which I really enjoyed. I also found a partial payments issue with integration with XRP wallets that was interesting while researching more into this.
Analysis Summary
# Tool/Technique: False Top-up Attack (Fake Deposit)
## Overview
A False Top-up attack is a technique where attackers exploit vulnerabilities in an exchange’s off-chain deposit processing logic. By crafting specialized transactions—such as those that revert, use partial payments, or exploit chain-specific features—attackers trick the exchange into crediting their account with digital assets that were never actually transferred or were transferred in an invalid state.
## Technical Details
- **Type**: Technique / Exploitation of Off-chain Infrastructure
- **Platform**: Cryptocurrency Exchanges, Blockchain Bridges, and Payment Gateways.
- **Capabilities**: Financial fraud, asset theft, double-spending, and exploitation of smart contract execution logs.
- **First Seen**: Common occurrences documented significantly since 2018 (e.g., USDT, EOS, and Ethereum variants).
## MITRE ATT&CK Mapping
- **[TA0006 - Credential Access / TA0002 - Execution]** (Note: While not traditional malware, these map to financial gain via technical manipulation)
- **[T1537 - Transfer Data to Cloud Account]**: Specifically, the unauthorized "top-up" of exchange accounts.
- **[T1059 - Command and Scripting Interpreter]**: Use of malicious smart contracts to trigger internal transaction reverts.
- **[T1565 - Data Manipulation]**: Manipulation of transaction logs to mislead monitoring systems.
## Functionality
### Core Capabilities
- **Transaction Reversion (Internal Call Manipulation)**: Attackers send funds via a smart contract and then intentionally trigger a revert in an upper-level call. If the exchange only monitors for the "transfer" log without checking the final success of the entire transaction, the account is credited falsely.
- **Bounce-Back Exploitation (TON Network)**: Exploiting specific blockchain features where a failed cross-contract call sends a "bounce" message back to the sender. If the exchange monitors `in_msg` but ignores the `out_msgs` (the bounce), it registers a deposit that was actually returned.
- **Partial Payment (XRP/Ripple)**: Exploiting a field in Ripple transactions that allows a transaction to succeed even if only a fraction of the intended amount is delivered, while the exchange UI/API reads the "intended" amount field.
### Advanced Features
- **RBF (Replace-By-Fee) Exploitation**: Utilizing Bitcoin's RBF feature to replace a pending transaction with a new one that redirects funds elsewhere after the exchange has already recognized the initial mempool entry.
- **Type Confusion**: Forcing a system to process one event type (e.g., a token burn or a different contract event) as a successful deposit event.
- **Chain Reorganization (Reorg)**: Exploiting low confirmation requirements by initiating a transfer on a minority fork that is eventually discarded.
## Indicators of Compromise
- **File Hashes**: N/A (Technique is network/contract-based).
- **Network Indicators**:
- `slowmist[.]com` (Research Source)
- `github[.]com/slowmist/` (Research Source)
- **Behavioral Indicators**:
- Out-of-band balance discrepancies (Exchange total wallet balance < sum of user balances).
- High frequency of "Reverted" or "Failed" status transactions from the same source address that correlate with credited funds.
- Smart contracts interacting with exchange deposit addresses that execute complex `try/catch` or `revert` logic.
## Associated Threat Actors
- **CertiK (During documented Bug Bounty research/controversy)**
- **General Cybercriminals** specializing in DeFi and Exchange exploitation.
## Detection Methods
- **State-Based Verification**: Comparing the actual on-chain account balance of the deposit address before and after a transaction, rather than relying solely on event logs or receipts.
- **Transaction Status Validation**: Implementation of strict checks for the `status` field in Ethereum-based transactions (ensuring it is `0x1` / Success).
- **Cross-Field Validation**: For blockchains like TON, matching `in_msg` against subsequent `out_msgs` to ensure no bounce-back occurred.
## Mitigation Strategies
- **Rigorous Transaction Matching**: Implementing a "perfect match" system where every field of the transaction (sender, receiver, amount, status, and internal calls) is validated.
- **Increased Confirmation Thresholds**: Requiring a higher number of block confirmations to mitigate risk from chain reorgs or RBF attacks.
- **Balance Auditing**: Regular automated reconciliation between the blockchain's "Source of Truth" (the ledger balance) and the exchange’s internal database.
- **Event Filtering**: Ensuring that only events emitted by verified contract addresses are processed.
## Related Tools/Techniques
- **Double-Spending**: Re-using the same transaction data.
- **Bitcoin RBF Attacks**: Manipulating mempool transactions.
- **Smart Contract Logic Errors**: Specifically around "try-catch" blocks in Solidity that swallow errors.