- Funds worth $7.7 million disappears after a new Block Producers fails to update the blacklist.
- Huobi exchange utilizes data from ECAF to monitor transactions from blacklisted accounts to its wallets.
A hacker who is yet to be identified made away with 2.09 million EOS following the failure of a new active BP to update the blacklist of the network’s mainnet accounts. The hack took place a few days and was first mentioned on ‘EOS Go’ Telegram channel.
“On February 22, 2019 a new Active BP (games.eos) did not update the blacklist for EOS mainnet accounts. The blacklist is used to freeze accounts that were hacked. Due to the blacklist not updated, one of these frozen accounts attacker managed to transfer 2.09 million EOS.
The hacker got the opportunity to steal the funds after the EOS team had devised a way to fix the broken blacklist. The EOSIO chain Block Producers (BP) are given the mandate to add accounts on a blacklist. However, the new BP failed to update a new version of the blacklist for the EOS mainnet accounts. This gave the hacker a window to fizzle EOS coins.
Moments after the hack attack the security team at Huobi assessed the data provided by the EOS Core Arbitration Forum (ECAF) in a bid to monitor EOS transactions from the blacklisted accounts to Huobi wallets. The exchanged moved to block all EOS accounts linked to the blacklist.
Share
