A purported failure to update the EOS blacklist allowed an anonymous hacker to move 2.09 million EOS.
An anonymous hacker managed to move 2.09 million EOS ($7.7 million) from a hacked account due to an alleged failed update by an EOS block producer (BP), according to a Telegram post by EOS block producer EOS42 on Feb. 23.
The EOS blockchain has a feature that requires BPs to blacklist compromised accounts; all top 21 BPs are required to blacklist a certain account in order for the blacklist to function properly. On Feb. 22, a new EOS block producer dubbed “games.eos” apparently did not update the blacklist for EOS mainnet accounts.
Subsequently, the security team of major global crypto exchange Huobi — using blacklist data from EOS Core Arbitration Forum (ECAF) — detected assets pouring from EOS blacklisted accounts into Huobi accounts. Huobi subsequently froze the accounts and the associated assets, according to a tweet on Feb. 23.
Following the accident, EOS42 made a new proposal, suggesting to nullify keys of blacklisted accounts instead of providing a veto power to a single BP on the EOS mainnet. Per EOS42, the option to nullify keys is more effective than a “‘broken’ blacklist” and still allows an account to be saved and returned to its rightful owner.
The number of BPs is capped at 21, with BPs candidates able to replace each other through a constant voting process. Per EOS24, several accounts have been blacklisted based on ECAF orders in which the victim’s accounts were hacked.
EOS, the fourth largest cryptocurrency by market cap today, launched its mainnet in June 2018 following the completion of its $4 billion token sale. Commentators have expected EOS to compete with Ethereum (ETH) as a protocol with which to build decentralized apps (DApps).
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.