With a versatile blockchain-based platform for decentralized applications, EOS.IO has created a stir in the market. However, recently, the platform has been facing massive backlash amid the discovery of major security vulnerabilities on its network.
Chinese internet security giant Qihoo 360 has recently announced some serious security vulnerabilities on the EOS platform. This came only a few days before the upcoming EOS mainnet launch, scheduled for 2nd June.
1/ Chinese Internet security giant 360 has found "a series of epic vulnerabilities" in the #EOS platform. Some of the bugs allow arbitrary code to be executed remotely on EOS nodes and even taking full control of the nodes.
Source (in Chinese): https://t.co/pt6nj6EodP
— cnLedger [Not giving away ETH] (@cnLedger) May 29, 2018
As per the security firm’s official announcement on Weibo, a few of these vulnerabilities can even be used to remotely execute arbitrary code on an EOS node, meaning any malicious party can remotely take control of all nodes running on EOS.
Because of its distributed nature, the impact of an attack on a blockchain-based platform is far more dangerous than on a centralized system, and the attacker can even publish a smart contract containing malicious code on the compromised network.
The report on Weibo noted: “Since the system of the node is completely controlled, the attacker can ‘do whatever it wants’, such as stealing the key of the EOS supernode, controlling the virtual currency transaction of the EOS network; acquiring other financial and privacy data in the EOS network participating node system, such as an exchange Digital currency, the user’s key stored in the wallet, key user profiles, privacy data, and more.”
Moreover, the vulnerabilities will allow an attacker to turn a node in the EOS network into a member of a botnet, which will allow the attacker to engage in “free” mining activity.
Earlier this month, Chengdu LianAn Technology Co, a security audit firm, claimed to have found a “critical vulnerability” in EOS’s smart contract structure. However, EOS CTO Dan Larimer has clapped back at the reports of the alleged bug in a Medium post, saying that “the problem is not a security vulnerability,” but “the result of poor coding practices”.
Possible launch delay
EOS is set to launch its mainnet, with major exchanges like Binance, Bitfinex, and Kucoin announcing their move from ERC-20 to the EOS blockchain platform. However, the revelation of vulnerabilities of this scale might push back the launch date if the development team does not come up with a concrete solution.
“On the early morning of the 29th, 360 first reported the vulnerability to EOS officials and helped them repair the security risks. The person in charge of the EOS network said that the EOS network will not be officially launched until these issues are fixed,” the report by Qihoo 360 stated.