After blacklist snafu, Hacker steals $ 7.7 million in EOS cryptocurrency


One of 21 maintainers of the EOS blacklist failed to update its list, allowing the hacker to start with the funds stolen.

A hacker has stolen EOS cryptocurrency worth $ 7.7 million after one of the 21 blacklist EOS maintainers failed to do its job.

The hack was launched by EOS42, a web – based community of EOS cryptocurrency owners, on Saturday, February 23, in a public telegram post.

EOS42 (also known as EOS Go) said on February 22 that one of its users had compromised their EOS account by a hacker.

After the hack was discovered, the unnamed user followed a normal security procedure that was hard – coded within the EOS blockchain code to allow malicious accounts to be blacklisted.

The procedure involved notifying the EOS address of the malicious account to the top 21 “block manufacturers” (a term used to describe the most efficient miners of the new EOS cryptocurrency).

The 21 top block producers would then update a blacklist of banned EOS addresses that would be used by cryptocurrency exchanges to ban malicious accounts from interacting with their platforms, preventing hackers and other entities from moving stolen money.

The procedure was put in place to prevent hackers from stealing funds, but over the weekend it did not work as planned.

All top 21 block manufacturers must update their blacklist. If only one top 21 BP does not have an updated blacklist, hacked accounts are vulnerable to emptying, “the EOS42 team said in a Medium blog post.

This scenario occurred in the last 24 hours when a newly rotated top 21 BP failed to apply the blacklist. The EOS block manufacturer, which failed to update its blacklist, was identified as games.eos, a platform for the development of blockchain games based on EOS, which recently entered the top 21 block producer ranking and did not run an up-to-date blacklist.

The hacker moved 2.09 million EOS coins from the hacked account to several accounts at different cryptocurrency exchanges, according to current reports.

The Huobi exchange platform froze accounts to which the hacker sent funds after the EOS42 Telegram post. However, with a nice sum, the hacker got away, as not all exchanges did the same.

Following the incident, EOS42 now proposes that EOS blockchain maintainers replace the shoddy “blacklist” mechanism with a more democratic system in which, if 15 out of 21 EOS block producers update their blacklist, the account key is nullified, blocking access to the hacked account.

This opens the door to faster takedowns of hacked accounts, but also allows the legitimate owner of the account to re-enable access down the line.

EOS42 argued that the previous approach to the blacklist was defective because “in the most egregious form, any hacker could corrupt a BP by encouraging them to update their blacklist with a reward for” failure.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.