On February 22, 2019, an unidentified hacker made away with 2.09 million EOS, worth about $7.7 million, after a newly active EOS Block Producer failed to update the mainnet account blacklist. A decentralized platform should not normally be vulnerable to a single point of failure, but EOS seems to be wired differently.
The EOS Exchange Platform Hack
EOS Go, the EOS blockchain community, said in a statement that the account of one of its users was compromised. The hack was possible because one of EOS's 21 blacklist maintainers failed to do its job. The hack was first mentioned in a public EOS Telegram post on February 23, 2019.
EOS has a procedure for identifying malicious accounts: the top 21 "Block Producers" are notified of the addresses of suspected malicious accounts. They then have to update their lists of banned EOS addresses, so as to prevent other crypto exchanges from carrying out transactions with them.
This system, in which 21 Block Producers each update a list of suspected malicious accounts, was designed to prevent hackers from gaining access to funds and from carrying out transactions on crypto exchange platforms. For the system to work effectively, all 21 Block Producers must update their blacklists.
If even one of the Block Producers does not update its list, the entire system becomes vulnerable. This is exactly what happened over the weekend when games.eos, a platform for developing EOS-based games, failed to update its blacklist. This eventually led to the loss of 2 million EOS tokens.
Suspected Hacker Account Frozen by Huobi
According to reports, the hacker transferred the funds to several accounts on different crypto exchange platforms including Huobi. Immediately after the hack, security at Huobi assessed the data provided by the EOS Core Arbitration Forum (ECAF).
In a bid to curb the situation, the exchange froze all EOS accounts linked to the blacklist, but the hacker still got away with a fair sum because other exchange platforms did not do the same.
As a result of this incident, the EOS platform is looking to improve the mechanism for updating its blacklist. Instead of relying on all 21 EOS Block Producers to update their lists to ensure safekeeping of funds, an account is banned (prevented from carrying out transactions) if it appears on the blacklists of 15 out of the 21 Block Producers.
This procedure will ensure that malicious accounts are located more quickly and may even make it possible for legitimate owners of accounts to regain access to their funds. EOS42 pointed out that the previous method was flawed and that this new method is the best way to safeguard accounts and funds.
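The difference between the two enforcement rules described above can be seen in a small model. This is an added example, not EOS code: the producer names, the account name and the assumption that the producer building a block checks only its own list are constructed for illustration. It also goes one step further than the article by showing how many lagging producers the 15-of-21 rule tolerates.

```python
# Toy model of blacklist enforcement; constructed for illustration, not EOS code.
PRODUCERS = [f"bp{i:02d}" for i in range(1, 22)]  # 21 hypothetical producer names
FLAGGED = "compromised.acct"                       # constructed account name

def build_blacklists(stale):
    """Each producer's local blacklist; producers in `stale` never applied the update."""
    return {bp: set() if bp in stale else {FLAGGED} for bp in PRODUCERS}

def open_slots_per_producer_rule(blacklists, account):
    """Original scheme (as modelled): the producer building the block checks only
    its own list, so every producer missing the entry is a window for the transfer."""
    return [bp for bp in PRODUCERS if account not in blacklists[bp]]

def banned_by_threshold(blacklists, account, threshold=15):
    """Proposed scheme: the account is banned for all producers once it
    appears on at least `threshold` of the 21 lists."""
    listed = sum(account in entries for entries in blacklists.values())
    return listed >= threshold

def compare(stale):
    """Evaluate both rules for a given set of producers with stale lists."""
    lists = build_blacklists(stale)
    return {
        "open_slots": open_slots_per_producer_rule(lists, FLAGGED),
        "threshold_ban": banned_by_threshold(lists, FLAGGED),
    }

if __name__ == "__main__":
    for n_stale in (0, 1, 6, 7):
        stale = set(PRODUCERS[-n_stale:]) if n_stale else set()
        result = compare(stale)
        print(n_stale, "stale ->", len(result["open_slots"]), "open slots,",
              "threshold ban:", result["threshold_ban"])
```

With one stale producer the per-producer rule leaves one open window while the threshold rule still bans the account; the threshold rule only stops holding once seven producers lag, since 14 listings fall below 15.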