Hacker Exposes $115M Losses in ERC-20 Flaws, Criticizes Ethereum Foundation's Inaction
November 19, 2024
Dexaran, a hacker and Ethereum Classic core developer, argues that the ERC-20 standard's design lacks proper error handling, making it inherently insecure and resulting in significant financial losses over the years.
He reported these security issues to the Ethereum Foundation in 2017, but over the past seven years, he has received no action or acknowledgment from them.
Attempts to address these concerns within the Ethereum community, including proposals for security disclosures during the EIP process, have been consistently rejected.
Despite multiple reports to OpenZeppelin since 2018 regarding vulnerabilities in the ERC-20 standard, these issues have been largely dismissed or ignored, raising concerns about potential conflicts of interest.
In response to the vulnerabilities, Dexaran developed the ERC-223 standard in 2017 to prevent token loss due to improper transfers, but it has not gained widespread adoption.
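The failure mode behind the losses described above is easiest to see in code. The following contracts are an added illustration, not Dexaran's reference implementation or any audited library: a stripped-down ERC-20-style `transfer` that credits any address without notifying it, next to a stripped-down ERC-223-style `transfer` that calls the recipient's `tokenReceived` hook (the hook name and signature are those of the ERC-223 standard; the contract names `MinimalERC20`, `MinimalERC223`, `Sink` and `Vault` are hypothetical).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// ERC-20-style transfer: the recipient is never told that tokens arrived.
contract MinimalERC20 {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function transfer(address to, uint256 value) external returns (bool) {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        // No check on `to`. If `to` is a contract with no code path that moves
        // this token, the balance is credited but is unreachable forever, and
        // the call still returns true: there is no error to surface.
        return true;
    }
}

// Recipient hook defined by the ERC-223 standard.
interface IERC223Recipient {
    function tokenReceived(address from, uint256 value, bytes calldata data) external;
}

// ERC-223-style transfer: a contract recipient must implement the hook.
contract MinimalERC223 {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function transfer(address to, uint256 value, bytes memory data) public returns (bool) {
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        if (to.code.length > 0) {
            // External call to the recipient. If `to` does not implement
            // tokenReceived, this reverts and the balance update is rolled
            // back, so the tokens stay with the sender instead of being lost.
            IERC223Recipient(to).tokenReceived(msg.sender, value, data);
        }
        return true;
    }

    // ERC-20-compatible signature; transfers with empty data.
    function transfer(address to, uint256 value) external returns (bool) {
        return transfer(to, value, "");
    }
}

// A contract with no token-handling logic. An ERC-20 transfer to it strands
// the tokens silently; an ERC-223 transfer to it reverts.
contract Sink {}

// A recipient that knowingly accepts ERC-223 tokens and records the deposit.
contract Vault is IERC223Recipient {
    event Deposit(address indexed token, address indexed from, uint256 value);

    function tokenReceived(address from, uint256 value, bytes calldata) external override {
        emit Deposit(msg.sender, from, value);
    }
}
```

Deploy `Sink` and `Vault` alongside both tokens and send to each: `MinimalERC20.transfer(sink, 1e18)` succeeds and the tokens are stuck, while `MinimalERC223.transfer(sink, 1e18)` reverts and `MinimalERC223.transfer(vault, 1e18)` succeeds with a `Deposit` event. In ERC-20 deployments the usual mitigation is the pull pattern (`approve` followed by the receiving contract calling `transferFrom`), which gives the recipient control over the credit; the push-style `transfer` remains the path on which the losses in this summary occur.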
A recent incident highlighted the risks associated with the ERC-20 standard when a user lost $26 million worth of ezETH tokens because of a misunderstanding about how the receiving smart contract operates; the loss was labeled user error, which Dexaran disputes.
Financial losses attributed to ERC-20 standard issues have been staggering, totaling $16,000 in 2017, $2 million in 2018, $60 million in 2023, and reaching $115 million as of November 2024, not accounting for the recent ezETH loss.
Dexaran concludes that the Ethereum Foundation and auditors like OpenZeppelin are censoring the disclosure of these issues, which leads to ongoing financial losses for users and a lack of accountability in the development process.
In addition to his work on ERC standards, Dexaran executed a major DDoS attack on the EOS network in 2019, freezing it for a month due to a flaw in its consensus model.
To further enhance security in blockchain networks, he proposed an amendment to Nakamoto consensus aimed at addressing the prevalent 51% attacks in proof-of-work chains.
Summary based on 1 source