Failed Update on a Blacklisted Account Gives Hacker Loophole to Move 2.9 Million EOS

Crypto platforms have mechanisms in place to handle a security breach. For EOS, the fourth-biggest platform by market, that mechanism calls for updating the list of blacklisted accounts. However, according to the Telegram account EOS42, a failed update gave hackers a loophole to access funds and transfer them.

Under EOS's mechanism, the 21 active block producer (BP) accounts were scheduled for a blacklist update following a hack, but on 22 February an active BP account, games.eos, did not initiate the update. All of the top 21 BP accounts are supposed to be updated, but games.eos, a new BP account, was not. EOS block producers handled the update and initiated it on the EOS mainnet.
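The failure described above is a drift between the ordered blacklist and what each active producer actually enforces. The following is an added example, not code from EOS or from the original article, showing one way to audit for that drift; it assumes each producer's list is available as nodeos-style `actor-blacklist = <account>` config lines, and all account and producer names in it are constructed.

```python
def parse_blacklist(config_text):
    """Collect account names from 'actor-blacklist = <account>' lines."""
    accounts = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "actor-blacklist" and value:
            accounts.add(value)
    return accounts


def audit(ordered, producer_configs):
    """Map each producer to the ordered accounts its config does NOT block."""
    gaps = {}
    for producer, text in producer_configs.items():
        missing = ordered - parse_blacklist(text)
        if missing:
            gaps[producer] = sorted(missing)
    return gaps


def enforced_everywhere(ordered, producer_configs):
    """The blacklist only holds if every active producer applies all of it."""
    return not audit(ordered, producer_configs)


# Constructed sample data: two frozen accounts, three producers (hypothetical names).
ORDERED = {"frozenacct1a", "frozenacct2b"}
CONFIGS = {
    "bp.alpha": "actor-blacklist = frozenacct1a\nactor-blacklist = frozenacct2b\n",
    "bp.beta": "# latest order applied\nactor-blacklist=frozenacct2b\n"
               "actor-blacklist = frozenacct1a  # earlier order\n",
    # Newly rotated-in producer still running an older list.
    "bp.newcomer": "actor-blacklist = frozenacct1a\n",
}

if __name__ == "__main__":
    for producer, missing in audit(ORDERED, CONFIGS).items():
        print(f"{producer} does not block: {', '.join(missing)}")
    print("enforced by all producers:", enforced_everywhere(ORDERED, CONFIGS))
```

Running the audit whenever the active producer set changes catches the case the article describes, where a newly active producer has not applied the update.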

Through that mistake, a hacker managed to transfer $7.7 million worth of EOS, equivalent to 2.90 million EOS, to the Huobi exchange. However, security personnel at Huobi were quick to act and froze the receiving account after their systems detected funds coming in from a blacklisted account. Huobi's security experts learned of the blacklisted accounts from information available from the EOS Core Arbitration Forum (ECAF) and acted on it by freezing the accounts.

EOS Block Producer Proposes New Security Measures

In a bid to salvage the situation, EOS block producers put forward a new proposal through their Telegram channel: get rid of the keys assigned to affected BP accounts. By nullifying the keys, the platform takes away the rights given to a single BP account. Those rights come with voting powers, which enable BP account holders to replace one another through voting. Nullifying the keys would also let administrators kill two birds with one stone: prevent hackers from moving funds and save the account. The saving process ensures the account is retrieved and restored to its rightful owner. An account is blacklisted by executing an ECAF order when the account is hacked.

Despite the incident, EOS isn't holding back on moving its platform forward. Through the proposed security measures, accounts will be restored quickly. In addition, funds raised from its successful June 2018 token sale will help in the development of a tamper-proof platform.