360 Discovered an Epic BlockChain Vulnerability in EOS and All Transaction Can Be Manipulated

May 29, 2018360TS
Learn more about 360 Total Security

[Tips: Install 360 Total Security to prevent CryptoMiner attacks]

[Update] 360 Rolls Out Virtual Vault to Protect Blockchain Wallet

Recently, 360 Security Center discovered a lot of vulnerabilities on a major BlockChain platform, EOS. After analysis, few of them allow arbitrary code run on any EOS nodes remotely. This means direct manipulation of whole EOS blockchain system.

On May 29th, 360 has reported this flaw to EOS and helped fix the issue. The representative of EOS says, “EOS will not go online unless these issues are fixed”

Vulnerabilities can bring down whole BlockChain system

Conventional flaws in software can be used for cyber attacks and lead to data and privacy leakage. The crypto currency itself forms a complete financial ecosystem. Any flaws within crypto currency or blockchain network can cause more severe and significant impacts to online users.

Due to the decentralized computing architecture, a security hole in a single blockchain node can compromise the whole network. DoS(Denial of Service) attack that is considered with least impact in software industry can be huge in the blockchain ecosystem since everything in the system is connected and self-replicating.

Crypto transaction on EOS can be completely manipulated

To compromise EOS, attackers craft and release smart contract containing malicious code. EOS BP(block producer) will executes the malicious contract that compromise the BP. Attackers then abuse the BP to pack malicious contract into new block, which causes the compromise of the control of the whole network.

Because the whole system is compromised, attackers can do whatever they want. For example, stealing the private key of EOS BP; controlling the transaction; accessing the financial and privacy data of any nodes in EOS network. (Digital currencies, user private keys in wallet, critical user information, privacy information and many more.)

Attackers can even turn the nodes within the EOS system to Botnet members, commanding them to form DDoS attack or mining for attackers’ sake.

Security in BlockChain needs more attention and investment

EOS is being considered the 3rd generation of BlockChain platform. The total coin valuation is up to 10.7 trillion US dollars. It ranks 5th in cryptocurrency valuation globally.

In the system of blockchain and cryptocurrency, there are vulnerable implementation in nodes, wallets, pools, exchanges and smart contracts. 360 Security Center has exposed many related severe flaws in the blockchain system.

The new flaws discovered this time is unprecedented. It has never been exposed by other security researchers. This type of security risk doesn’t affect only EOS but also other types of blockchain platforms and cryptocurrency applications.

Through this incident, we hope the security of blockchain and cryptocurrency can gain more attention and investment to bring users a more secure blockchain ecosystem.

Download 360 Total Security: https://www.360totalsecurity.com

Learn more about 360 Total Security