In the cryptocurrency world, stolen funds are nothing new. While most of these thefts involve hacked exchanges or scammed users, the recent theft of $7.7m worth of EOS is a bit different. An internal mishap involving the 21 block producers allowed a very unfortunate incident to materialize.
The $7.7m EOS Theft Explained
A few days ago, the EOS community was made aware of an issue involving a major compromised account. While the owner and the hacker remain unclear at this point, the account contained several million dollars worth of EOS. It is also not clear whether this account is linked to an exchange or was set up properly. However, the end result is the same: the funds were taken by an assailant.
To put this story in its proper perspective, EOS has a built-in system to deal with compromised accounts. Once such an account is identified, it can be blacklisted by all 21 block producers. Doing so prevents the funds from being moved, as the corresponding transactions will not be included in future blocks. That system usually works quite well, but in this case it failed rather miserably.
More specifically, the security procedure to have the account blacklisted was followed. As such, the top 21 block producers were notified so their lists could be updated accordingly. For some unknown reason, one of the producers failed to meet this requirement and inadvertently allowed $7.7m worth of EOS to be stolen from the compromised account. It is very uncommon for a block producer to not meet the requirements in this regard.
As is usually the case when something like this happens, an investigation was launched pretty quickly. It turns out the “misbehaving” BP was a newly rotated top 21 block producer which had failed to update its blacklist accordingly. Why that situation was allowed to materialize is a different matter altogether. An entity not running an up-to-date blacklist should, in theory, not become a top 21 BP in the first place.
Although the assailant did not manage to steal all of the compromised account’s funds, the effort was still pretty successful. Huobi was the first exchange to freeze the accounts to which the stolen funds were sent. Other trading platforms were not as quick on the ball, which means the hacker could clean out several million dollars worth of EOS without too many problems. It is a very serious incident which highlights some key issues within the EOS ecosystem that need to be addressed.
It appears a solution is already being proposed. Instead of relying on every BP keeping its own blacklist, a switch to a democratic solution, where a majority of BPs updating their blacklist is enough to enforce it, should ensure issues like these cannot occur again. Since only 1 of the top 21 BPs failed to meet the requirement, that countermeasure should, in theory, prove sufficient to prevent further mishaps. For now, it is unclear if this proposal will be accepted, but it is a good way to turn a negative situation into something positive.
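To make the failure mode concrete, here is an added, simplified simulation (constructed for this article, not EOS code): it models the per-producer blacklist check described above and a majority rule as one reading of the proposal. Producer names, the account name and the exact majority threshold are assumptions.

```python
# Simplified model (constructed for illustration, not EOS's actual code) of why a single
# block producer with a stale blacklist lets a blocked transfer through, and how a
# majority rule over the producers' blacklists closes that gap.
from dataclasses import dataclass, field

COMPROMISED = "compromised.acct"   # placeholder account name, not the real one
NUM_PRODUCERS = 21


@dataclass
class Producer:
    name: str
    blacklist: set = field(default_factory=set)


def make_producers(stale: str) -> list:
    """21 producers; every one except `stale` has applied the blacklist update."""
    producers = [Producer(f"bp{i:02d}") for i in range(NUM_PRODUCERS)]
    for p in producers:
        if p.name != stale:
            p.blacklist.add(COMPROMISED)
    return producers


def leaking_slots(producers: list, sender: str) -> list:
    """Original rule: each producer filters transactions against only its own list.
    Returns the producers whose block slots would include a transfer from `sender`;
    a single stale list is enough for the transfer to get through."""
    return [p.name for p in producers if sender not in p.blacklist]


def included_by_majority(producers: list, sender: str) -> bool:
    """Proposed rule (as modelled here, an assumption): the transfer is rejected if a
    majority of the current producers have the sender blacklisted, regardless of
    which producer builds the block."""
    votes = sum(1 for p in producers if sender in p.blacklist)
    return votes * 2 <= len(producers)   # included only when no majority blocks it


if __name__ == "__main__":
    bps = make_producers(stale="bp20")   # the newly rotated-in producer never updated
    print("slots that leak the transfer:", leaking_slots(bps, COMPROMISED))
    print("included under majority rule:", included_by_majority(bps, COMPROMISED))
```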
Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency.