Ivan Smirnov

29.05.2018 15:19

Qihoo 360 finds a critical vulnerability in the EOS platform, the fix comes fast

hinese internet and cybersecurity research firm Qihoo 360 claims to have discovered a series of critical vulnerabilities in the EOS blockchain platform, Weibo, China’s version of Twitter reports.

EOS can function safely now

EOS can function safely now

According to the source, some of these defects might enable remote attacks to directly control and take over all nodes running on the platform by remotely executing arbitrary code on the EOS node. Weibo announced that the vulnerability was first reported to the company’s officials by the Qihoo 360 team at 10 PM on May 28th and that the repair was in process. It is confirmed that the upcoming EOS mainnet launch scheduled for June 2nd, 2018, could be delayed until these issues are fixed.

Noticeably, security defects in digital assets tend to be even more influential and dangerous than those connected with regular software. A security gap in one node, due to its decentralized nature, can spread across the whole network in a moment and cause serious virtual attacks. This might have such consequences as publishing and distribution of a smart contact containing malicious code which hits the vulnerability.

A Chinese source explained that as soon as the EOS super node executes a malicious contract which triggers a security gap, the attacker packages the malicious contract into a new block by re-using the super nod. This leads all full nodes in the network to be controlled remotely. With a range of these manipulations, a hacker gets full control over the nodal system and therefore can obtain private information as keys and user data. It means that he can totally control the transactions, launch a cyber-attack or freely mine other cryptocurrencies.

The report elaborates that security researchers have never discovered such security risks before. This type of a security vulnerability can affect not only EOS but also other types of blockchain platforms and digital assets applications. Collaboration between EOS and Qihoo 360 will likely benefit the project as it allows the company to leverage the experience and resources of the security giant in purpose to enhance the protection.

The EOS team is yet to release the official comment on the problem, but it was registered that the price of the token instantly dropped at 7% in less than an hour. Currently, the EOS is trading at $11.20 whereas on May 3rd it was $19.3.

According to Chinese media outlet Jinse, the security problem was isolated and resolved by EOS security team at 2 PM on May, 29th, and now the vulnerability is repaired.

https://block-chain.com/coin/eos

visibility

0