Cryptocurrency & Blockchain Business

EOS warned about ‘epic’ vulnerability in soon-to-launch platform by Chinese researchers

The developers of one of the top-traded cryptocurrencies, EOS, say they’ve patched a vulnerability that reportedly could have compromised EOS’s entire forthcoming platform.

Chinese security company Qihoo 360 said in a Tuesday blog post that its researchers discovered an “epic” vulnerability in the EOS platform that could allow someone to manipulate all transactions, among other things.

In a technical write-up, security researchers with Qihoo 360 explained that a hacker would have been able to upload a smart contract with malicious code onto the EOS mainnet and take over a node. Smart contracts are a feature of blockchain and cryptocurrencies that allow for transactions without middlemen.

Once the malicious code takes control of a relevant server, an “attacker could then pack the malicious contract into new block (sic) and further control all nodes of the EOS network.”

Qihoo 360 warns that because of the distributed nature of blockchain technology, compromising one node can put the whole system at risk. In the vulnerability Qihoo 360 reported, attackers could steal private keys to cryptowallets, control transactions, view private data and hijack EOS nodes to cryptopmine or conduct a denial of service attack.

“Due to the decentralized computing architecture, a security hole in a single blockchain node can compromise the whole network,” the researchers wrote.

While EOS hasn’t actually launched its mainnet yet, it’s already been distributing tokens on the ethereum blockchain for sale and trade. The EOS mainnet is scheduled for launch on June 1.

Daniel Larimer, EOS’s chief technology officer, reportedly told Qihoo 360 that the mainnet would not launch until the vulnerability was fixed. CoinDesk reports that it’s already been taken care of.

In addition, Larimer tweeted out a bug bounty on Thursday, offering $10,000 for information about any unique software flaws that can be used to “cause a crash, privilege escalation, or non-deterministic behavior in smart contracts” before the EOS platform launches.

If you enjoyed this article please share it for others to read

Leave a Reply

News by Month

 

Scroll to top