On February 22, an unknown hacker stole 2.09 million EOS, valued at about $7.7 million, from a malicious account. The attack was possible because one of the 21 EOS producers failed to update a blacklist, which left the account susceptible to attack.
EOS42 Reveals Hack of Tokens on Telegram
EOS announced on its Telegram channel that a hacker was able to move 2.09 million EOS from a compromised account. The channel, EOS42, revealed that the newest EOS producer had failed to update the malicious account on the blacklist. This left the account vulnerable to attack and led to the subsequent hack.
Usually, hacked accounts have their addresses added to a “blacklist for EOS mainnet accounts”. The 21 EOS producers have the task of updating this blacklist. Once that is done, funds held within such accounts cannot be sent to other exchanges.
Huobi Cryptocurrency Exchange Freezes Funds
Huobi, a Singapore-based cryptocurrency exchange, is one of the exchanges to which the stolen funds were sent. After detecting the move, the exchange froze the accounts that held the tokens. It also posted on Twitter, notifying the public that relevant assets related to these accounts had been frozen as well.
On Feb 22 at 17:35 (GMT+8), the Huobi Security team monitored that #ECAF (EOS Core Arbitration Forum) blacklisted accounts had sudden flow of assets into Huobi accounts. These $EOS accounts have subsequently been frozen, including relevant assets related to these accounts.
— HuobiGlobal (@HuobiGlobal) February 23, 2019
While Huobi is possibly not the only exchange to have received the funds, it is believed that the actor behind the crime has made away with some tokens, since the move must have gone undetected by other virtual currency exchanges. Nevertheless, how much was lost in total is uncertain, since the amount of recovered funds was not stated.
Steps Taken to Prevent Security Breaches on Blacklisted Accounts
EOS, for its part, has taken measures to ensure that events of this nature do not occur in the future, specifically those involving a hacked account that has been blacklisted to prevent funds from being stolen from it. On Telegram, the startup stated that:
EOS42 recently proposed a solution for the blacklist issue. At the moment for the blacklist to function, all BPs need to update the blacklist manually. Only 1 blacklist not updated will bypass this.
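The failure mode in the statement above can be modelled as follows. This is an added example, not code from EOS42 or any EOS project; the producer names bp01 to bp21, the account names and the fixed production order are constructed assumptions. It audits each producer's local blacklist against a reference list and shows at which production slot a transfer from a frozen account would be accepted.

```python
from hashlib import sha256

# Constructed sample data: 21 producers and three frozen accounts (hypothetical names).
REFERENCE = ["frozenacct1", "frozenacct2", "frozenacct3"]
PRODUCERS = [f"bp{i:02d}" for i in range(1, 22)]
LISTS = {p: set(REFERENCE) for p in PRODUCERS}
LISTS["bp21"] = {"frozenacct1", "frozenacct2"}  # newest producer, list not updated


def fingerprint(blacklist):
    """Order-independent digest of a blacklist, for cheap comparison."""
    return sha256("\n".join(sorted(set(blacklist))).encode()).hexdigest()


def audit(lists, reference):
    """Map each out-of-date producer to the reference entries it lacks."""
    ref = set(reference)
    return {p: sorted(ref - set(bl)) for p, bl in lists.items() if ref - set(bl)}


def first_accepting_slot(schedule, lists, sender):
    """Return (slot, producer) of the first producer in the schedule whose
    local list does not block `sender`, or None if every producer blocks it.
    Assumption: producers take turns and each enforces only its own list."""
    for slot, producer in enumerate(schedule):
        if sender not in lists[producer]:
            return slot, producer
    return None


if __name__ == "__main__":
    digests = {fingerprint(b) for b in LISTS.values()}
    print("distinct list fingerprints:", len(digests))
    print("stale producers:", audit(LISTS, REFERENCE))
    print("accepted at:", first_accepting_slot(PRODUCERS, LISTS, "frozenacct3"))
```

A single fingerprint shared by all 21 producers is the condition the blacklist needs in order to hold; any second fingerprint marks a producer whose turn leaves a frozen account unprotected.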
Events of this nature are not the first of their kind, given that exchanges have also been hacked. Examples include Coincheck in January 2018 and Cryptopia in January 2019. On February 16, BTCNN reported that the Coinbase cryptocurrency exchange had rewarded a bug finder with $30,000. The aim is to track down loopholes on the exchange that criminals could take advantage of.