The EOS Fund Transfer is Vulnerable: SlowMist Cyber Security Firm, China
The digital currency EOS appears to be affected by a new vulnerability, according to SlowMist, a cybersecurity firm from China. Users of the digital currency can register deposits without actually transferring any funds. The cryptocurrency exchange OKEx also confirmed this vulnerability.
EOS is one of the platforms most widely used by developers to create and deploy dApps (decentralized apps). Nevertheless, it has been found to be affected by the vulnerability. In a blog post on Medium, SlowMist explained that if cryptocurrency exchanges, wallets, and similar platforms have a flaw in how they judge the execution status of EOS transactions, they are advised not to trust the ‘executed’ status of a transaction. Such misjudgment can lead to a serious ‘false top-up’, the blog warns. The blog explained that an attacker can successfully register an EOS deposit on such platforms without actually depositing any EOS. The blog further explained:
“The SlowMist Security Team has confirmed that the real attack has occurred, but it should be noted that: this time the ‘false top-up’ of EOS attack is similar to the USDT ‘false top-up’ disclosed previously by SlowMist Security Team and similar to the Ethereum token ‘false top-up.’ The platform should be responsible for this. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process. SlowMist Security Team will disclose specific attack details.”
The cybersecurity firm further confirmed that real attacks had taken place. OKEx, for its part, said on its official Twitter account that it is aware that EOS is currently affected by a vulnerability. It also confirmed that the exchange is not exposed to it, and assured users that their funds are safe and secure. In a Twitter post on 12th March, OKEx said:
We are aware of the vulnerability with $EOS deposit. And we confirm that OKEx is NOT exposed to the vulnerability. Please rest assured that your assets are safe and secure with us. https://t.co/DHwYS4R519 #okexannouncement @SlowMist_Team
— OKX (@okx) March 12, 2019
Last year’s incidents at crypto exchanges, such as hacking, money laundering, and accidental loss, hit the industry with a loss of millions in cryptocurrency. It therefore makes sense for users to be fully aware of the security features an exchange offers and of the preventive and restorative measures the company has planned in case of any such mishap.
EOS is the fifth-largest digital asset, with a current market capitalization of 3.31 billion U.S. dollars. One EOS currently costs 3.65 U.S. dollars.
Although the vulnerability is serious, this is not the first time EOS has faced such an issue. According to reports, users reported a transfer of 2.09 million EOS last month. The transfer was made by a blacklisted EOS account. Huobi posted this tweet about it:
On Feb 22 at 17:35 (GMT+8), the Huobi Security team monitored that #ECAF (EOS Core Arbitration Forum) blacklisted accounts had sudden flow of assets into Huobi accounts. These $EOS accounts have subsequently been frozen, including relevant assets related to these accounts.
— Huobi (@HuobiGlobal) February 23, 2019
In addition, twenty-seven EOS dApps were exposed to vulnerabilities, according to researchers at PeckShield. These vulnerabilities gave attackers opportunities to hack into accounts and steal valuable information and funds. There were reports of about 400K EOS coins being embezzled.