This presentation is called the Gas Sector Attack, how it happened and how to protect yourself. It's an overview of gas exploit exchanges that happened last year. It relies on a concept called gas token. This concept is too hard to get into in five minutes, but what it basically is is the ability to refund yourself on the Ethereum network. It's built into Ethereum and it's effectively an ERC-20 that pays for your gas. So given that context you'll be able to understand the rest of this talk.

So the attack, given that token, is an exploit whereby anyone who pays for a transaction fee can be attacked by minting gas token for you. So in this example, exchanges who pay for your withdrawal fees, which is all exchanges in this case: if you make a withdrawal from an exchange into a contract that you've created that has this exploit in it, what ends up happening is the exchange mints gas token for you. So what that means is they pay a very high gas limit in the transaction for your withdrawal of a very small amount of ETH, and what that does is it prints you a gas token that allows you to profit from their paying for the withdrawal fee. So in some extreme cases, exchanges pay up to $50 for you to withdraw from their account and effectively you're making $50. So that was the premise of what happened last year. And what happened was pretty much every exchange was affected to varying degrees of severity.

And who am I? I'm a co-founder of the Gas Second Attack. I do audits with Zero Trust and we have a wallet company called Ethereum.

One question that I always get with this is: is gas token good? The basic idea is good. It says if you want to clear some state on the Ethereum network, we'll give you a refund for doing so, to make the state smaller. But what's happened in reality is a lot of people are using it maliciously. So people are printing gas token now with the intention of using it later. And that's not how it was intended to be used, but it is how it is being used now.
And how are people using gas token? A lot of people are using it for arbitrage. So when they go to make a trade or an arbitrage, whereas anyone in this room will be able to make $1, someone using gas token might be able to make $1.10 because their fees are reduced because they have gas tokens. Exchanges can use this as effectively gas futures, but that's a little longer conversation.

Here's one example transaction you can look at later. The only really important part is this is a withdrawal from an exchange. And you can see here the transaction fee is .2 Ether. So this is basically saying that an exchange paid .2 Ether in order for me to withdraw .01 Ether from my exchange account. So that $34 at the time came from an exchange. So it's a very real attack.

How can exchanges fix this? The answer is don't pay for a user's gas. The more practical answer is to charge a withdrawal fee that is greater than the fee that the user can mint in gas token. So someone like Coinbase charges $5 as a withdrawal fee. A user who wants to withdraw to print gas token would only be able to print less, and it wouldn't make economic sense.

A few examples of interfaces that try to abstract away gas, which is somewhat dangerous, are Trust Wallet, Coinbase and MetaMask. You'll see here they don't even mention gas. But if you use one of these wallets to send money to someone or send money to a contract, what might happen is that contract might be trying to siphon gas from you and you almost won't even be able to recognize that you're being attacked. So it's pretty dangerous and it's just something to watch out for.

And then I'm running out of time here, but real quickly, some interesting facts. Let's get through these guys. So some interesting facts about gas. As everyone knows, the gas price is currently rising. Those two graphs show it. What's seen here is that miners are actually now using gas token. Some of the blocks they mined are only minting gas tokens.
So if you look here, they're not collecting any fees. All these transactions are miners' transactions. They're not paying any fees and they're just using the whole block they mined to print gas token. And it's pretty crazy and it's not how it was meant to be used, but we're seeing it happen in the real world.

Here's the use of gas token rising over time. The same thing's happening on ETH Classic. Nothing is any better. And finally there are markets for gas token. So people are starting to trade gas token as an ERC-20 token and not as the gas refund it was meant to be.

The point of this talk was to kind of show you what gas token was and to make you aware of it and to kind of protect yourselves if you're vulnerable. Thank you.