Chinese Security Firm Finds High-Risk Vulnerabilities on EOS Blockchain

Tuesday, 29/05/2018 | 09:45 GMT by Arnab Shome
  • This might delay the scheduled launch of EOS mainnet on June 2nd.
Chinese Security Firm Finds High-Risk Vulnerabilities on EOS Blockchain

With a versatile Blockchain -based platform for decentralized applications, EOS.IO has created a stir in the market. However, recently, the platform has been facing massive backlash amid the discovery of major security vulnerabilities on its network.

Chinese internet security giant firm Qihoo 360 has recently announced some serious security vulnerabilities on EOS platform. This came only a few days before the upcoming EOS mainnet launch scheduled at 2nd June.

Decentralized vulnerabilities

As per the security firm’s official announcement on Weibo, a few of these vulnerabilities can even remotely execute arbitrary code on the EOS node, meaning any malicious party can remotely take control over all nodes running on EOS.

Due to the distributed nature, the impact of any attack on a blockchain-based platform is far more dangerous than a centralized system, and the attacker can even publish Smart Contract containing malicious codes on the compromised network.

The report at Weibo noted: “Since the system of the node is completely controlled, the attacker can 'do whatever it wants', such as stealing the key of the EOS supernode, controlling the virtual currency transaction of the EOS network; acquiring other financial and privacy data in the EOS network participating node system, such as an exchange Digital currency, the user's key stored in the wallet, key user profiles, privacy data, and more.”

Moreover, the vulnerabilities will also allow an attacker to turn a node in the EOS network into a member of a botnet which will allow the party to engage in “free” mining activity.

Previous allegations

Earlier this month, Chengu LiaAn Technology Co, a security audit firm, claimed to have found a “critical vulnerability” in EOS’s smart contract structure. However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices”.

Possible launch delay

EOS is set to the launch its mainnet with major exchanges like Binance, Bitfinex, and Kucoin announcing their move from ERC-20 to EOS blockchain platform. However, the revelation of vulnerabilities of this scale might push the launch date if the development team does not come up with a concrete solution.

“On the early morning of the 29th, 360 first reported the vulnerability to EOS officials and helped them repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed,” the report by Qihoo 360 stated.

With a versatile Blockchain -based platform for decentralized applications, EOS.IO has created a stir in the market. However, recently, the platform has been facing massive backlash amid the discovery of major security vulnerabilities on its network.

Chinese internet security giant firm Qihoo 360 has recently announced some serious security vulnerabilities on EOS platform. This came only a few days before the upcoming EOS mainnet launch scheduled at 2nd June.

Decentralized vulnerabilities

As per the security firm’s official announcement on Weibo, a few of these vulnerabilities can even remotely execute arbitrary code on the EOS node, meaning any malicious party can remotely take control over all nodes running on EOS.

Due to the distributed nature, the impact of any attack on a blockchain-based platform is far more dangerous than a centralized system, and the attacker can even publish Smart Contract containing malicious codes on the compromised network.

The report at Weibo noted: “Since the system of the node is completely controlled, the attacker can 'do whatever it wants', such as stealing the key of the EOS supernode, controlling the virtual currency transaction of the EOS network; acquiring other financial and privacy data in the EOS network participating node system, such as an exchange Digital currency, the user's key stored in the wallet, key user profiles, privacy data, and more.”

Moreover, the vulnerabilities will also allow an attacker to turn a node in the EOS network into a member of a botnet which will allow the party to engage in “free” mining activity.

Previous allegations

Earlier this month, Chengu LiaAn Technology Co, a security audit firm, claimed to have found a “critical vulnerability” in EOS’s smart contract structure. However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices”.

Possible launch delay

EOS is set to the launch its mainnet with major exchanges like Binance, Bitfinex, and Kucoin announcing their move from ERC-20 to EOS blockchain platform. However, the revelation of vulnerabilities of this scale might push the launch date if the development team does not come up with a concrete solution.

“On the early morning of the 29th, 360 first reported the vulnerability to EOS officials and helped them repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed,” the report by Qihoo 360 stated.

About the Author: Arnab Shome
Arnab Shome
  • 6576 Articles
  • 93 Followers
About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.
  • 6576 Articles
  • 93 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}