A vulnerability has been discovered on EOS, a platform used to create and launch decentralized applications (dApps), which attackers could easily exploit to cause more havoc on the platform, according to SlowMist Technology Co. Ltd, a Chinese cybersecurity firm.
The Deceptive Deposits
The vulnerability could be leveraged by an attacker to perform what is known as a “false top-up” against the platform. According to SlowMist’s Medium blog post, attackers “can successfully deposit EOS to these platforms without transferring any EOS.” This particular EOS-related vulnerability is likely to affect platforms like wallets, digital asset exchanges, and other crypto-related services, SlowMist added.
EOS Currently Susceptible To Attacks
The security firm, in its blog post, claimed that a real attack has already occurred, but the details are yet to be revealed by the firm, save for disclosing that the attack is like the USDT and Ethereum false top-up attacks.
“The platform should be responsible for this [false top-up vulnerability]. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their own deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process. Specific attack details will be disclosed by SlowMist Security Team.”
OKEx Is “Aware Of The Vulnerability”
OKEx, a cryptocurrency exchange based in Hong Kong, has issued a response via Twitter concerning the security threat, saying that it was “aware of the vulnerability with EOS deposits.” The company’s management also added that its trading platform was “not exposed to the vulnerability.” Customers were assured by the company’s support team that their assets were “safe and secure.”
Last month, 2.09 million EOS tokens, worth more than $7 million, were reported by an EOS community Telegram group to have been moved by a blacklisted EOS account holder. The information spread across several news media outlets, which called the incident a hack. BreakerMag, however, conducted a detailed investigation and found a breakdown in an EOS arbitration group’s temporary solution for blocking malicious accounts.
Just 120,000 EOS Accounts Still Active
PeckShield, a cybersecurity research firm, published a report in December 2018 which revealed that out of 500,000 EOS accounts, only 120,000 remain active. Also, more than 200,000 EOS accounts have not seen activity since creation.
Speaking at the time about the low account activity, PeckShield’s senior security researcher, Shi Huaguo said:
“dApps on EOS started to explode since September 2018, and the number grew rapidly in October. But with EOS, (dApps) are getting hotter (or being widely-used), (however) the group-controlled accounts [have also] started to emerge.”