A Hacker Steals $7M in Cryptocurrency Due to Blacklisting System Failure
Last week, a hacker successfully stole over $7 million in cryptocurrency after a blacklisting system failed to protect a compromised account. The incident was brought to light by EOS42, a London-based community and one of the block producers (BPs) of the EOS digital currency.
Blacklisting System Breakdown
EOS utilizes a blacklist to freeze any accounts that have been compromised. This system is maintained by 21 block producers who are responsible for the EOS.IO blockchain. However, the rotation of these producers led to a critical oversight in the blacklisting process. A newly active block producer, games.eos, failed to update the blacklist, allowing the hacker to transfer two million EOS from the compromised account.
Proposed Solution
To address this loophole, EOS42 suggested a new system where if 15 out of the 21 block producers update the blacklist, the changes will be implemented, preventing any funds from being accessed by hackers. This proposed solution aims to safeguard accounts and ensure that funds can be returned to their rightful owners once the security breach is resolved.
According to EOS42, the current loophole lets a single block producer override the consensus of 15 out of 21 producers. Nulling the keys of blacklisted accounts as an interim solution would maintain the integrity of that consensus, providing additional protection until a more permanent solution is determined.
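The failure and the proposed fix described above can be modelled in a few lines of Python. This is an added illustration, not EOS or EOS42 code: the producer names, the `victim` account and the function names are constructed, and the model assumes each producer enforces only its own copy of the blacklist.

```python
# Constructed model of the two blacklist designs; not EOSIO code.
from dataclasses import dataclass, field

ACTIVE_PRODUCERS = 21
THRESHOLD = 15  # approvals required under the proposed scheme


@dataclass
class Producer:
    name: str
    local_blacklist: set = field(default_factory=set)


def leaky_producers(schedule, account):
    """Current design: every producer enforces only its own copy of the list.
    Returns the producers whose blocks would still accept a transfer from `account`."""
    return [p.name for p in schedule if account not in p.local_blacklist]


def is_frozen(schedule, approvals, account):
    """Proposed design: the freeze applies chain-wide once THRESHOLD of the
    currently active producers have approved it."""
    active = {p.name for p in schedule}
    return len(approvals.get(account, set()) & active) >= THRESHOLD


def rotated_schedule(stale_name="bp_new"):
    """20 producers with an updated list plus one freshly rotated-in producer
    (hypothetical name) that never applied the update."""
    schedule = [Producer(f"bp{i:02d}", {"victim"}) for i in range(ACTIVE_PRODUCERS - 1)]
    schedule.append(Producer(stale_name))
    return schedule


if __name__ == "__main__":
    schedule = rotated_schedule()
    # Current design: one stale list is enough for the transfer to be included.
    print("accepts transfer:", leaky_producers(schedule, "victim"))
    # Proposed design: the 20 updated producers approve; the stale one is irrelevant.
    approvals = {"victim": {p.name for p in schedule if "victim" in p.local_blacklist}}
    print("frozen with 20 approvals:", is_frozen(schedule, approvals, "victim"))
    # Below the threshold the freeze does not take effect.
    approvals = {"victim": {f"bp{i:02d}" for i in range(14)}}
    print("frozen with 14 approvals:", is_frozen(schedule, approvals, "victim"))
```

In the first design the account's safety depends on the weakest producer in the schedule; in the second it depends only on whether the approval count among active producers reaches the threshold.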
Protecting Community Consensus
The EOS community must prioritize upholding the 15 out of 21 consensus to prevent any individual producer from undermining the system. By addressing the current vulnerabilities in the blacklist system, EOS can maintain its position as the fourth largest cryptocurrency on the market, valued at over £3 billion.