Here’s How the 2.09 Million EOS “Hack” Really Happened

[vit05]

Here’s How the 2.09 Million EOS “Hack” Really Happened
By Jessica Klein

Over the weekend, an EOS “community updates” Telegram group reported the transfer of 2.09 million EOS (worth $7.26 million at time of writing) by a blacklisted account. Many reported this instance as the work of a “hacker,” but that’s not quite what took place. What happened really is about the breakdown of an early EOS arbitration group’s bandaid solution for blocking nefarious accounts.

Great article. It is easy to understand everything that has happened. I still can´t believe how EOS is on top10 with so many risky and being so centralized.

[peonminer]

TL;DR

A new top 21 block producer, games.eos, didn’t correctly set up the blacklist. So previously frozen 2.09 million EOS got transferred from a blacklisted account. The account immediately spread those funds all over the place, too quickly for EOS block producers to plug the leak. “I can tell you they’re no longer a block producer,” says Rose.

A key takeaway here is that this isn’t a “hack,” per se—and it didn’t happen over the weekend. The transfer that resulted in the moving 2.09 million EOS happened a long time ago. From Stokes’s perspective, the real problem is that the blacklist was a temporary fix, a bandaid covering the larger problem of preventing theft from bad-acting accounts.

That's wild that such a coin was able to be taken over by such a simple flaw. Whoever ransacked those 2.09M coins is laughing all the way to the bank.

[mrdeposit]

Here’s How the 2.09 Million EOS “Hack” Really Happened
By Jessica Klein

Over the weekend, an EOS “community updates” Telegram group reported the transfer of 2.09 million EOS (worth $7.26 million at time of writing) by a blacklisted account. Many reported this instance as the work of a “hacker,” but that’s not quite what took place. What happened really is about the breakdown of an early EOS arbitration group’s bandaid solution for blocking nefarious accounts.

Great article. It is easy to understand everything that has happened. I still can´t believe how EOS is on top10 with so many risky and being so centralized.

That's the main reason why i never support both EOS and XRP. Both are centralized and they are growing day by day. Can you explain this "arbitration group’s bandaid solution for blocking nefarious accounts"?

[antoclaus]

I still believe in EOS https://cmc.io/coins/eos 

[Cosbycoin]

TL;DR

A new top 21 block producer, games.eos, didn’t correctly set up the blacklist. So previously frozen 2.09 million EOS got transferred from a blacklisted account. The account immediately spread those funds all over the place, too quickly for EOS block producers to plug the leak. “I can tell you they’re no longer a block producer,” says Rose.

A key takeaway here is that this isn’t a “hack,” per se—and it didn’t happen over the weekend. The transfer that resulted in the moving 2.09 million EOS happened a long time ago. From Stokes’s perspective, the real problem is that the blacklist was a temporary fix, a bandaid covering the larger problem of preventing theft from bad-acting accounts.

That's wild that such a coin was able to be taken over by such a simple flaw. Whoever ransacked those 2.09M coins is laughing all the way to the bank.

You are funny, I kept laughing for over 10 minutes when I read your post, you said that the money the laughing to the bank not even to the exchange which makes more sense. Just a little flaw in the blockchain can cause a lot of evoke which we have already seen from this hack.

I just see it as a warning to blockchain developers out there, they should be careful in checking for bugs in a program before launching out to the world for use.