Chinese internet and cyber security research firm 360 reported a series of high-risk vulnerabilities in the EOS blockchain platform a couple of hours ago. According to a post on Weibo, China’s version of Twitter, some of these vulnerabilities allow arbitrary code to be executed remotely on an EOS node, meaning that a remote attacker can directly control and take over all nodes running on EOS.
The Weibo post went on to state:
“On the early morning of the 29th, 360 first reported the vulnerability to EOS officials and helped them repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed.”
Defective Digital Blockchain Vulnerability
Security vulnerabilities in digital currencies tend to have far greater impacts than those associated with regular software. Because a blockchain network is decentralized, a security breach in one node can rapidly spread across all others on the network and cause thousands of them to be attacked. During the attack, the hacker can publish and distribute a smart contract containing malicious code targeting the vulnerability. According to the post, which was translated from Chinese:
“The EOS super node will execute this malicious contract and trigger a security hole. The attacker then re-uses the super node to package the malicious contract into a new block, which in turn causes all full nodes in the network (alternate super node, exchange reload point, digital currency wallet server node, etc.) to be controlled remotely.”
According to the report, the attacker then has full control over the node's system and can steal private keys and user data and control all cryptocurrency transactions. Additionally, the attacker can turn a node on the EOS network into a member of a botnet, use it to launch a cyber-attack, or make it a free “miner” that mines other cryptocurrencies.
The report elaborated:
“The series of new security vulnerabilities discovered by the 360 security team in the smart contract virtual machine on the EOS platform is a series of unprecedented security risks. Security researchers have not found such problems before. This type of security issue affects not only EOS but also other types of blockchain platforms and virtual currency applications.”
At the time of writing, the news had only just made it out of China and onto Twitter and Reddit. The EOS team has yet to release an official response.