Chinese internet security firm Qihoo 360 discovered a series of serious vulnerabilities in the EOS blockchain. Reportedly, these vulnerabilities can take over all the nodes running on the platform. After bringing this to the notice of the EOS developer team, the issue was fixed within a few hours.
The report states that these vulnerabilities can allow attackers to execute arbitrary code on the EOS node. They reached out to the EOS team to inform them of this issue, to which a representative stated that the mainnet launch will not occur until these issues are fixed. They then proceeded to fix the error within a few hours of the report.
The aforementioned vulnerabilities have a possibility of being exploited to cause cyber attacks, causing data and privacy leaks and “the impact of real life”. The report states [trans.]:
“The security loopholes in digital currency and blockchain networks tend to have more serious and direct impacts.”
The aftermath and effect of the attack are further amplified by the decentralized nature of the blockchain. One affected node may translate to thousands of vulnerable nodes.
The exploit can be utilized by publishing a smart contract with malicious code, which will then be executed by the EOS supernode. This will trigger a compromise of the blockchain’s security. The attacker can then utilize the supernode to package the malicious code into a new block, which will then be accepted by all full nodes in the network. This, in turn, will allow for remote control of all nodes.
This kind of attack will allow for serious security breaches, such as the theft of the super node’s key, controlling transactions and even access private information such as wallet details and user profiles. Most serious of all, the entire EOS network can be utilized to launch attacks on other cryptocurrencies.
Subscribe to AMBCrypto’s Newsletter