Unknown Hacker Siphons 2.9 Million EOS

Dennis Wafula

February 26, 2019

About three days ago, the EOS Block Producer EOS42 released a Telegram post announcing that a hacker had managed to transfer 2.09 million EOS, equivalent to $7.7 million, out of a hacked account because of a failed blacklist update.

Who’s to Blame?

This hack came a day after the EOS platform proposed a solution for a broken blacklist. The EOSIO network has a feature that allows Block Producers (BPs) to blacklist accounts. As the proposal puts it: ‘21/21 producing BPs need to blacklist an account in order for the blacklist to function properly.’

Apparently a new EOS BP named ‘games.eos’ failed to update its blacklist for EOS mainnet accounts, and so left the hacker an open door with a welcome mat. We have previously spoken at length about the potential for EOS vulnerabilities, which are now coming to light.

The proposal adds:

‘The blacklist “loophole” essentially gives a single BP veto power over 15/21 DPOS consensus. In the most benign form, a Block Producer can neglect to update the blacklist on their producing node, resulting in one BP’s mistake overriding a decision that was made by 15/21. In the most egregious form, any hacker could corrupt one BP by incentivising them with a reward for “failing” to update their blacklist.’
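The loophole can be modelled as a per-producer filter with an audit over it. This is an added example, not code from EOS42 or EOSIO: the producer names, account names and local lists are constructed, and it assumes each producer checks transactions only against its own local blacklist.

```python
# Constructed model of the blacklist loophole; hypothetical names throughout.
PRODUCERS = [f"bp{i:02d}" for i in range(1, 22)]   # 21 producing BPs

# Accounts the network agreed to block (constructed sample values).
ORDERED = {"hackedacct11", "hackedacct12"}

# Each BP's locally configured blacklist. bp17 missed the latest update.
LOCAL = {bp: set(ORDERED) for bp in PRODUCERS}
LOCAL["bp17"] = {"hackedacct11"}


def audit_blacklists(ordered, local_lists, producers=PRODUCERS):
    """Return {producer: [missing accounts]} for every BP whose local
    blacklist lacks an account that should be blocked."""
    gaps = {}
    for bp in producers:
        missing = set(ordered) - set(local_lists.get(bp, ()))
        if missing:
            gaps[bp] = sorted(missing)
    return gaps


def first_accepting_slot(sender, local_lists, schedule=PRODUCERS):
    """Walk one production round. Every BP filters with its own list only,
    so a rejected transaction can simply be retried in the next slot.
    Return (slot, producer) for the first BP that would include it,
    or None if all producers in the schedule reject it."""
    for slot, bp in enumerate(schedule):
        if sender not in local_lists.get(bp, ()):
            return slot, bp
    return None


def blacklist_effective(ordered, local_lists):
    """The blacklist holds only if 21/21 producers carry every entry."""
    return not audit_blacklists(ordered, local_lists)


if __name__ == "__main__":
    print("stale producers:", audit_blacklists(ORDERED, LOCAL))
    print("hackedacct12 accepted at:", first_accepting_slot("hackedacct12", LOCAL))
    print("blacklist effective:", blacklist_effective(ORDERED, LOCAL))
```

With 20 of 21 lists current, the audit still reports the blacklist as ineffective: the blocked account's transfer only has to wait for the stale producer's slot.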

Following this hack, Huobi, a major crypto exchange platform, had its security team use blacklist data from the EOS Core Arbitration Forum (ECAF) to detect assets pouring from blacklisted EOS accounts into Huobi accounts. The exchange froze those accounts together with all the assets related to them.

In its proposal, the EOS42 team came up with a strategy of nullifying the keys of blacklisted accounts rather than leaving veto power with a single BP on the EOS mainnet. Nullifying the keys lets an account be stored and returned to its rightful owner, and is far simpler than a broken blacklist.

Based on ECAF orders, several accounts that were hacked have been blacklisted.

EOS is a blockchain-based decentralized platform that operates on smart contracts. The cryptocurrency has lately been much in the news. The coin is rated among the top 5 crypto performers against other major crypto coins such as Ethereum and Bitcoin Cash.

Other platforms such as Tapatalk are considering using the EOS blockchain, proving that this hack is just one of the many setbacks in the crypto industry.
