On Thursday, Coindesk reported on an exploit that allowed $4.6 million in tokens to be deposited more than once on Binance. In emails to Decrypt, Filecoin and Binance are chalking it up to an “incorrect use” of APIs, as opposed to a bug.
The issue resembled a “double spend”—a system-breaking defect, usually brought on by an attack on a blockchain, that allows the same cryptocurrency to be spent twice. Filecoin is a token that helps enable a decentralized storage network.
The proof-of-work consensus mechanism that backs and other cryptocurrencies is meant to prevent double spends. But the transaction in question only happened once on the Filecoin , even though the exchange mistakenly accepted the transaction twice; the result was more like a “double deposit” than a double spend.
A blog post from Protocol Labs, the team behind Filecoin, says that an investigation “found no issues with the Filecoin network or the RPC [remote procedure call] API code.” And in a statement to Decrypt, a spokesperson for Protocol Labs said: “We are confident that there is no double-spend on the blockchain itself.”
The Lotus team received a report from an exchange re the incorrect use of a Lotus API for evaluating transfers/deposits in the Filecoin Network.
The team investigated & found *no network issue or API bug*. They’re working w/ all exchanges to ensure these APIs are correctly used.
— Filecoin (@Filecoin) March 18, 2021
Binance told Decrypt that deposits of FIL, Filecoin’s token, were halted yesterday in the wake of the double deposit. “The issue was caused by the incorrect use of the Lotus [Filecoin’s software suite] API logic and its integration in transferring and depositing into the Filecoin Network,” said a spokesperson. An API, short for application programming interface, is a way for software to talk to other software.
According to the Binance spokesperson, there was no loss of funds. They referred Decrypt to Filecoin’s incident report.