Main navigation

Hacker Gets Away with 2.09 Mln EOS Due to Failed Blacklist Update, Huobi Blocks Its EOS Accounts to Find Culprit

Advertisement
Tue, 26/02/2019 - 12:51
Hacker Gets Away with 2.09 Mln EOS Due to Failed Blacklist Update, Huobi Blocks Its EOS Accounts to Find Culprit
Cover image via U.Today
Read U.TODAY on
Google News
Advertisement

The hack happened the other day, as was reported on the ‘EOS Go’ Telegram channel. The post announced that a hacker succeeded in stealing 2.09 mln EOS tokens from a blacklisted account. This is around $7.7 mln. This became possible due to a new BP failing to update the list of frozen hacked accounts.

Hacker Gets Away with 2.09 Mln EOS Due to Failed Blacklist Update, Huobi Blocks Its EOS Accounts to Find Culprit

Details of the attack

The malicious attack took place after the team behind EOS came up with a way to solve the problem of the broken blacklist and made a public proposal. The EOSIO chain enables Block Producers (BP) to put certain accounts on a blacklist.

Most likely, the cause for the hack is a new BP on the network under the nickname ‘games.eos’ that for some reason failed to upload a new version of the blacklist for the EOS mainnet accounts, thus enabling the culprit to do his dirty job.

Advertisement

The proposal says that EOS BPs have to put an account on a blacklist in order for this list to work appropriately. The ‘loophole’ in the blacklist provides a BP with a veto power to interfere with the 15/21 DPOS consensus.

Should a BP forget or simply avoid updating the blacklist on its node, this BP would be neglecting the decision made by 15/21. This may allow any hacker to take advantage of the accounts blacklisted by the other BPs and transfer crypto from them.

Related

Hacker-hunting underway, accounts frozen

As soon as the hack occurred, the security team of the Huobi exchange checked the data from the blacklist provided by the EOS Core Arbitration Forum (ECAF) in order to spot any crypto flowing out of the EOS accounts put on the blacklist into Huobi wallets.

As a result, the exchange blocked all accounts on its platform that were linked to that blacklist.

A new security solution

The proposal from EOS also suggests eliminating keys for the accounts on the blacklist instead of allowing a BP to place a veto within the mainnet. The new solution will allow returning an account to its initial owner. This seems much easier than working with the blacklist.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD