Hacker steals $7.7 million worth of EOS after security breach

An EOS mainnet security breach has allowed a hacker to steal $7.7 million worth of EOS.

A Telegram post by EOS block producer EOS42 outlined how one of 21 block producers (BPs) did not update a blacklist – a feature that requires BPs to ban compromised EOS mainnet accounts.

The Telegram post read: “On Feb 22, 2019, a new Active BP (games.eos) did not update the blacklist for EOS mainnet accounts.

“The blacklist is used to freeze accounts that were hacked. Due to the blacklist not being updated, an attacker from one of these frozen accounts managed to transfer 2.09 million EOS.”

Block producer is a term used to describe the most efficient miners of the EOS cryptocurrency.

A BP dubbed ‘games.eos’ reportedly did not update the blacklist.

“At the moment, for the blacklist to function, all BPs need to update the blacklist manually,” the Telegram post added.

“Only one blacklist not updated will bypass this.”

Frozen accounts

EOS42 is a web-based community of EOS cryptocurrency owners.

The Huobi exchange froze accounts the hacker sent funds to.

Huobi tweeted: “On Feb 22 at 17:35 (GMT+8), the Huobi Security team monitored that #ECAF (EOS Core Arbitration Forum) blacklisted accounts that had a sudden flow of assets.

“These $EOS accounts have subsequently been frozen, including relevant assets related to these accounts.”

The EOS platform was developed by private company block.one and released as open source software on June 2nd 2018.

One billion tokens were distributed on the Ethereum blockchain by block.one.

Block.one has been approached for a comment.