Chinese Cybersecurity Firm Detects Vulnerability on EOS Platform

A vulnerability has been discovered on EOS, a platform that is used to create and launch decentralized (dApps), which attackers could easily take advantage of to cause more havoc to the platform, according to SlowMist Technology Co. Ltd, a Chinese cybersecurity firm.

The Deceptive Deposits

The vulnerability could be leveraged by an attacker to perform what is known as “false top-up” against the platform. According to SlowMist’s Medium blog post, attackers “can successfully deposit EOS to these platforms without transferring any EOS.” This particular EOS-related vulnerability is likely to affect platforms like wallets, digital assets exchanges, and other crypto-related services, SlowMist added.

EOS Currently Susceptible To Attacks

The security firm, in its blog post, claimed that a real attack has already occurred, but the details are yet to be revealed by the firm, save for disclosing that the attack is like the USDT and Ethereum false top-up attacks.

“The platform should be responsible for this [false top-up vunerability]. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their own deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process. Specific attack details will be disclosed by SlowMist Security Team.”

OKEx Is “Aware Of The Vulnerability”

OK, a cryptocurrency exchange based in Hong Kong, has issued a response via Twitter concerning the security threat, saying that it was “aware of the vulnerability with EOS deposits.” The company’s management also added that its trading platform was “not exposed to the vulnerability.” Customers were assured by the company’s support team that their assets were “safe and secure.”

Last month, 2.09 million EOS tokens, which is more than $7 million, was reported by an EOS community Telegram group to have been moved by a blacklisted EOS account holder. The information spread across several news media outlets which called the incident a hack. BreakerMag, however, conducted a detailed investigation and it was discovered that there exists a breakdown of an EOS arbitration group’s temporary solution for blocking malicious accounts.

Just 120,000 EOS Accounts Still Active

PeckShield, a cybersecurity research firm, published a report in December 2018 which revealed that out of 500,000 EOS accounts, only 120,000 remains active. Also, more than 200,000 EOS accounts have not seen activity since creation.

Speaking at the time about the low account activity, PeckShield’s senior security researcher, Shi Huaguo said:

“dApps on EOS started to explode since September 2018, and the number grew rapidly in October. But with EOS, (dApps) are getting hotter (or being widely-used)
, (however) the group-controlled accounts [have also] started to emerge.”

Related posts
BitcoinBitcoin NewsbtcusdBTCUSDCBTCUSDTElon MuskNewsteslaxbtusd

Elon Musk Pokes Massive Hole in the Bitcoin Market After Halting Bitcoin Payments at Tesla

Elon Musk left the Bitcoin ecosystem in shambles when he, in his most recent tweet revealed that his electric vehicle company Tesla, would no longer be accepting car purchase payments in Bitcoin. The new development came as a shock to…
BitcoinBitcoin NewsbtcusdBTCUSDCBTCUSDTMoneyGramNewsxbtusd

MoneyGram Debuts Cash-For-Bitcoin Trades At Over 12,000 Locations

Physical cryptocurrency ATMs were one of the first markers of progress for the crypto industry starting from the early to the mid-2010s. Crypto ATMs essentially indicated that there was significant demand for cryptocurrency, specifically bitcoin, and as the markets for…
cryptocurrencyCryptocurrency NewsdogecoinDOGEUSDNewsShiba InuSHIBUSD

Dogecoin Might Need to Watch Out For New Blazing Rival Shiba Inu

The meme coin Dogecoin has been one of the best performing altcoins this year. Although it doesn’t come close to many DeFi coins which are topping the list, DOGE has done significantly well for an asset that was invented as…