Cybersecurity research firm 360 has reported a series of vulnerabilities in the EOS blockchain platform earlier today. Weibo, the Chinese version of Twitter, has explained that some of the high risk vulnerabilities have the potential to execute arbitrary code on the EOS node. This means that remote attacks can take over the EOS nodes and totally control them.
The Weibo post stated
“On the early morning of the 29th, 360 first reported the vulnerability to EOS officials and helped them repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed.”
Vulnerabilities in a blockchain network are more serious than in a regular software as the former can be exploited by hackers to spread malicious code. The decentralized nature o blockchain network makes it possible for a security breech in a single node to quickly spread across all other nodes on the network. Once the hacker gains control of the network any kind of smart contracts can be distributed across the network with relative ease. The translated Chinese post states
“The EOS super node will execute this malicious contract and trigger a security hole. The attacker then re-uses the super node to package the malicious contract into a new block, which in turn causes all full nodes in the network (alternate super node, exchange reload point, digital currency wallet server node, etc.) to be controlled remotely.”
Once a hacker gets full control of the nodes, private keys and user data can be compromised. Furthermore, all cryptocurrency transactions can be controlled. The hacker can also use a node on the EOS network to launch a cyberattack, become a “free” miner, become a member of a botnet, or even mine other cryptocurrencies.
The report also explained that
“The series of new security vulnerabilities discovered by the 360 security team in the smart contract virtual machine on the EOS platform is a series of unprecedented security risks. Security researchers have not found such problems before. This type of security issue affects not only EOS but also other types of blockchain platforms and virtual currency applications.”
The EOS team is yet to respond officially to the vulnerabilities pointed out by the Chinese internet security firm. The EOS (EOS) token, however, has already lost about 7% to trade at about $11.20. On May 3rd, EOS hit a high of $19.30.
