Hacker Moves 2.09 Mln EOS Following Blacklist Update Failure

Published at: Feb. 25, 2019

An anonymous hacker managed to move 2.09 million EOS ($7.7 million) from a hacked account due to an alleged failed update by an EOS block producer (BP), according to a Telegram post by EOS block producer EOS42 on Feb. 23.

The EOS blockchain has a feature that requires BPs to blacklist compromised accounts; all top 21 BPs are required to blacklist a certain account in order for the blacklist to function properly. On Feb. 22, a new EOS block producer dubbed “games.eos” apparently did not update the blacklist for EOS mainnet accounts.

Subsequently, the security team of major global crypto exchange Huobi — using blacklist data from EOS Core Arbitration Forum (ECAF) — detected assets pouring from EOS blacklisted accounts into Huobi accounts. Huobi subsequently froze the accounts and the associated assets, according to a tweet on Feb. 23.

Following the accident, EOS42 made a new proposal, suggesting to nullify keys of blacklisted accounts instead of providing a veto power to a single BP on the EOS mainnet. Per EOS42, the option to nullify keys is more effective than a “‘broken’ blacklist” and still allows an account to be saved and returned to its rightful owner.

The number of BPs is capped at 21, with BPs candidates able to replace each other through a constant voting process. Per EOS42, several accounts have been blacklisted based on ECAF orders in which the victim’s accounts were hacked.

EOS, the fourth largest cryptocurrency by market cap today, launched its mainnet in June 2018 following the completion of its $4 billion token sale. Commentators have expected EOS to compete with Ethereum (ETH) as a protocol with which to build decentralized apps (DApps).

Tags
Eos
Related Posts
White Hat Hackers Earned $878,000 from Crypto Bug Bounties in 2018, Data Shows
White hat hackers have been awarded $878,000 in bug bounties this year, technology news website TheNextWeb reports on Dec. 30. Bug bounties are a type of competition in which companies that develop software invite hackers to break their software and responsibly disclose the vulnerabilities, so they are able to fix them before they are exploited. According to TheNextWeb, hackers earned $534,500 on HackerOne, a bug bounty platform connecting companies with hackers just from Block.one, the company which stands behind EOS. In fact, Block.one is reportedly responsible for 60 percent of all the bounties handed in this year. Major cryptocurrency exchange …
Blockchain / Dec. 30, 2018
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
Huobi and Shiba Inu community to help BitMart overcome $200M hack
Following a near $200 million hack on the BitMart exchange, the Shiba Inu (SHIB) community and crypto exchange Huobi Global aim to help the exchange strengthen security and track inflows of stolen assets. On Dec. 5, crypto exchange BitMart became victim to a hot wallet compromise hosted over the Ethereum (ETH) and Binance Smart Chain (BSC) blockchains. As a result, the hackers were able to steal over $196 million, roughly $100 million over the Ethernet network and around $96 million over the BSC blockchain. 1/3 We have identified a large-scale security breach related to one of our ETH hot wallets …
Blockchain / Dec. 6, 2021
Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting the losses of funds due to an exploit of the platform’s ERC-20 hot wallet. Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens. According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Monday. …
Bitcoin / Aug. 30, 2021
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022