Bitfinex’s LEO Token Enables Multi-Billion Dollar Fraud, Cointelligence Claims
The smart contract of LEO, the ERC20 token issued by iFinex’s subsidiary Unus Sed Leo, allegedly has deliberate flaws in it to allow for massive fraud, crypto research firm Cointelligence says.
Bitfinex Might Have Developed an Evil Code for LEO
Crypto research and analysis firm, Cointelligence, has cited findings that Bitfinex may have deliberately created a smart contract for the LEO ERC20 token which opens the floodgates for potential fraud.
Bitfinex LEO ERC20 token owner can not only print or mint unlimited new tokens but also they can delete anyone’s coins including but not limited to the ones on centralized or decentralized exchange, hot or cold storage, hardware or software wallet, and/or paper or brain wallet.
— Bi od (@heybiod) July 1, 2019
LEO token, which was launched by Bitfinex on May 10 of this year, allows the entity behind it to potentially exert unlimited control over the coin, which could leave room for a multi-billion dollar fraud.
Cointelligence breaks down the code parts that demonstrate how the token can be manipulated by the owner in every way. Thus, the controller contract allows the entity behind the token to transfer, issue, approve, burn, and change the controller itself. In the latter case, the current address that controls the LEO ERC20 contract may be effortlessly upgraded to any address by the owner.
Once the controller is changed, the owner can keep on minting tokens without end or delete anyone’s tokens in a blink of an eye. This can be achieved through code functions like “generateTokens” or “destroyTokens.”
Cointelligence even simulated these actions by mirroring the LEO’s code on Ethereum. They discovered that the tokens could be indeed minted and deleted by the owner at any point.
Is This Really an Issue?
While the “fraud” term isn’t uncommon for Bitfinex, which has been repeatedly accused of minting USDT without holding the USD equivalent in its reserves, some say the story with LEO has gone too far.
Bitfinex CTO Paolo Ardoino explained in the Twitter thread:
For security and future proof reasons we left the ability also to upgrade the Token Contract. That’s really a key feature for a contract that might live lot of years. Minting more tokens would just not make sense for Finex… like shooting our foot.
However, the reply didn’t convince the LEO skeptics.
On the other side, some Twitter users argue that EOS and TRON are only a few examples of entities that could do the same with their tokens, and nobody complains about it. A user concluded in a similar fashion:
How does this become news every few months. So many coins are mintable and burnable. Up to you if you trust the people in charge with that power. Even if a coin isn’t, the team behind can migrate to a new contract which is mintable.
Is the LEO code indeed an issue that should keep crypto investors away from the token? Let us know your thoughts in the comment section below!
Images courtesy of Cointelligence, Shutterstock, Twitter, @heybiod