Blockchain platform EOS found containing critical security vulnerabilities
Security researchers have uncovered several security vulnerabilities in blockchain platform EOS, some of which can be exploited by hackers to remotely execute arbitrary code on EOS nodes and thereby manipulate the entire EOS blockchain system!
EOS presently ranks fifth in cryptocurrency valuation globally and is considered as the third generation of BlockChain platform. The advantage of EOS over traditional blockchain platforms such as Bitcoin is that while Bitcoin manages around 3-4 transactions per second, EOS can perform millions of transactions per second thanks to the use of a distributed proof-of-stake consensus mechanism.
Researchers at 360 Security Center recently observed that the EOS blockchain system contained several vulnerabilities that could be exploited not only to run arbitrary code on EOS nodes remotely, but also to directly manipulate the whole blockchain system. To make this possible, all a hacker needed to do was to release smart contract containing malicious code which would, in turn, be executed by the EOS block producer.
Once a malicious smart contract is executed, a hacker can steal the private key of EOS block producer, control a transaction, and access the financial and privacy data of any nodes in EOS network. Such data may include digital currencies, user private keys in wallet, critical user information, and privacy information.
“Due to the decentralised computing architecture, a security hole in a single blockchain node can compromise the whole network. DoS(Denial of Service) attack that is considered with least impact in software industry can be huge in the blockchain ecosystem since everything in the system is connected and self-replicating,” the researchers noted.
They added that since the cryptocurrency itself forms a complete financial ecosystem, any flaws within cryptocurrency or blockchain network can cause more severe and significant impacts to online users. They also defined vulnerabilities discovered in the EOS blockchain system as “unprecedented” and that such flaws were never exposed in blockchain systems in the past.
The said vulnerabilities were fixed by EOS after being reported by researchers at 360 Security Center and the company affirmed that the platform will go online only after the issues are fixed.
Sources | scmagazineuk