China’s premier internet security firm 360 released a report detailing several “high-risk vulnerabilities” in the EOS blockchain. The project was scheduled for a June 2, 2018, mainnet release and now faces an uncertain situation that could delay the much-awaited launch indefinitely.
Mainnet Launch in Trouble
As per a report on Sina Weibo, the 360 “Vulcan” team reported the security loopholes to EOS developers on May 29 and provided feedback on potential code patches.
360 stated that the EOS blockchain is exposed to the potential risk of a remote arbitrary code execution attack, which allows hackers to remotely infiltrate the protocol’s nodes and eventually take full control of the system.
1/ Chinese Internet security giant 360 has found "a series of epic vulnerabilities" in the #EOS platform. Some of the bugs allow arbitrary code to be executed remotely on EOS nodes and even taking full control of the nodes.
Source (in Chinese): https://t.co/pt6nj6EodP
— cnLedger [Not giving away ETH] (@cnLedger) May 29, 2018
A developer from the EOS team confirmed the vulnerabilities and said that the network would not be launched until the issues are fixed permanently.
The unregulated nature of cryptocurrency networks makes them susceptible to several security flaws, as there is no governing body that pushes for strict security audits for the underlying blockchains. However, organizations like 360 conduct security checks on a voluntary basis, and release their findings to ensure projects fix their systems.
As per 360, attackers could construct and deploy a smart contract on the EOS network, taking advantage of a security bug that would create a malicious supernode.
The attacker could then use the supernode to embed the malicious smart contract in a new block, instantly giving them access to the whole network, including all supernodes, wallets, and servers.
After this, the attacker can “do whatever they want,” including controlling all transactions, blocking the network, acquiring information about all wallets, or even shutting down the EOS blockchain.
Security a Huge Concern in Blockchain Industry
The vulnerability is certainly of “epic proportions,” and casts light on the cryptocurrency industry’s most limiting feature: the lack of audited, certified security standards.
360 appealed to cryptocurrency projects in their report and stated:
“It is hoped that the discovery and disclosure of this loophole will cause the blockchain industry and security peers to pay more attention to the security of such issues and jointly enhance the security of the blockchain network.”
The Reddit cryptocurrency community was unsurprisingly unimpressed with the news, which sparked a heated debate between the project’s believers and critics.
However, speculators seem to have taken a liking to the project and have valued the network at $10 billion, with each EOS token trading at $11 at the time of writing. The project was famously marketed as “Ethereum on steroids,” and is the world’s fifth-largest digital asset by market cap.