A hacker managed to move 2,09 million EOS, around $7,7 million, from an account. An EOS block producer failed to update its blacklist, which made the hack possible, according to the EOS Go Telegram channel.

How does EOS work?

To understand how the hack happened, we need to understand EOS better. The blockchain is a decentralised operating system that supports industry-scale decentralised applications (dapps). Other blockchains, such as Ethereum and Bitcoin, are not as scalable since they use proof-of-work (PoW). Even though Ethereum will move to proof-of-stake (PoS) soon, it will not be as efficient as the system EOS uses. The blockchain operates through delegated proof of stake (DPoS), which means it is faster than PoS and PoW. Only 21 nodes run the system, and they validate transactions. The block producers are decided through votes, which happen every 60 seconds. Kevin Rose, the co-founder and head of community at block producer EOS New York, said:

“The job security of a block producer is 60 seconds long.” Quote from breakermag.com

Users vote based on who they think does a good job, and the nodes with the most votes get elected for the job. Communication is, therefore, an essential part of keeping a block producer in the top 21.

However, a few months ago, there were rumours that the block producers had formed a cartel and undermined the democratic process. The document (published in Chinese) says that parties are in communication with one another and have agreed to stake each other for mutual reciprocation. There is also mention of one exchange offering its votes for sale. Block.one CEO Brendan Blumer faced the criticism and published a response on the company blog. He stated that they do everything they can to uphold the democratic process and the integrity of the blockchain.

Block.one created the blockchain in such a way that the block producers can blacklist accounts that try to cheat the system. However, every single one of the 21 block producers must blacklist an account for the blacklist to work properly. On February 22nd, a new block producer called “games.eos” apparently did not update the blacklist for the mainnet accounts, which made the hack possible.

How could someone steal 2,07 million EOS?

It means that if one of the block producers forgets or fails to blacklist correctly, then the entire network is vulnerable. As a result, 2,09 million EOS were stolen. The “loophole” unfortunately gives a single block producer power over the whole network. In essence, it means that if one node is corrupt, the whole system can suffer. The funds were previously frozen, but after the incident, they were successfully transferred from the blacklisted account.
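The weakness described above can be modelled in a few lines. The following Python sketch is an added example, not code from EOS or Block.one: it assumes a simplified model in which each of the 21 producers checks only its own local blacklist, and the producer and account names are constructed. It shows why one stale list is enough for a frozen account's transfer to be included, and how comparing every producer's list against a reference list finds the gap.

```python
from dataclasses import dataclass, field

@dataclass
class Producer:
    name: str
    blacklist: set = field(default_factory=set)  # this producer's local copy

    def accepts(self, tx):
        # Each producer filters only against its own list, not a shared one.
        return tx["from"] not in self.blacklist

def stale_producers(producers, reference):
    """Map each producer with an incomplete list to the accounts it is missing."""
    return {p.name: sorted(reference - p.blacklist)
            for p in producers if reference - p.blacklist}

def first_inclusion(schedule, tx):
    """Offer tx to each producer in turn; return (slot, name) of the first
    one that would put it in a block, or None if every producer rejects it."""
    for slot, producer in enumerate(schedule):
        if producer.accepts(tx):
            return slot, producer.name
    return None

def build_demo():
    # Constructed sample data: 20 up-to-date producers plus one newly
    # elected producer that is missing one reference entry.
    reference = {"frozenacct11", "frozenacct12"}
    producers = [Producer(f"bp{i:02d}", set(reference)) for i in range(1, 21)]
    producers.append(Producer("bp-new", {"frozenacct11"}))
    return reference, producers

if __name__ == "__main__":
    reference, producers = build_demo()
    print("stale producers:", stale_producers(producers, reference))
    for sender in ("frozenacct11", "frozenacct12", "normaluser11"):
        tx = {"from": sender, "to": "exchange1111", "amount": 1}
        print(sender, "->", first_inclusion(producers, tx))
```

Running `stale_producers` whenever the elected set changes is the kind of check that would have flagged the new producer before it reached its production slot.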

Meanwhile, the security team of Huobi, who used blacklist data from the EOS Core Arbitration Forum (ECAF), detected that something was not right. They saw that assets arrived from blacklisted accounts into Huobi accounts. They took action and froze the accounts. The community does not seem too happy about the incident, and many users on Reddit seem tired of hacks.

However, EOS is one of the most used blockchains, and according to recent statistics, it is more used than Ethereum. Out of the ten most used applications, four are built on the platform. About a month ago, China updated its ranking list of cryptocurrencies, and the blockchain was ranked as number one. It has consistently scored high in the list, which is called the “Global Public Chain Technology Evaluation Index” and is updated approximately once a month. However, the community is working on a sustainable solution but has not decided on one yet. According to Coinmarketcap.com, it is the fourth largest crypto by market capitalisation and currently trades around $3,58.

Image by kalhh on Pixabay

