When we read reports of cryptocurrency hacks and thefts, we are all very quick to respond negatively, and for obvious reasons: when assets are stolen, it damages the ecosystem and, more importantly, the reputation of cryptocurrency.
Of course, the theft of cryptocurrency does come as a direct consequence of a lack of regulation and decentralisation. Anonymity makes hacks very attractive because the attackers are unlikely to get caught; it's as simple as that. Recently the EOS community has been exposed to a bug that has in turn exposed a major EOS account to an attack. The account is alleged to have contained millions of dollars worth of EOS. As a result of this vulnerability, funds were compromised by a hacker, though thankfully not all of them were stolen.
Interestingly though, thanks to the way EOS is built, this sort of attack can be seen as a good thing in the long run.
According to The Merkle:
“EOS technology has a built-in system to deal with compromised accounts. Once such an account is identified, it can be blacklisted by all 21 block producers automatically. Doing so will prevent the funds from being moved, as the corresponding transaction will not be processed in future blocks.”
In this instance, the system failed to blacklist the account straight away because of a failure by one of the producers: it did not meet a requirement needed for the producers to reach the consensus required to blacklist the account. This triggered an investigation, which found that the producer account was not running an up-to-date blacklist and was therefore unable to ‘vote’ to blacklist in this instance. Questions have now been raised about how the producer account managed to earn this status in the first place whilst running an out-of-date list.
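A simplified model of the failure described above, added here as an illustration and not taken from EOS or from The Merkle. It assumes each of the 21 producers filters transactions against its own copy of the blacklist and that producers take turns in a fixed rotation; all function and account names are hypothetical.

```python
import hashlib

NUM_PRODUCERS = 21  # the page's figure: 21 block producers

def digest(blacklist):
    """Order-independent fingerprint of a blacklist, for comparing copies."""
    return hashlib.sha256("\n".join(sorted(blacklist)).encode()).hexdigest()

def first_accepting_slot(sender, blacklists):
    """Return the index of the first producer in the rotation that would
    process a transaction from `sender`, or None if every producer rejects it."""
    for slot, blacklist in enumerate(blacklists):
        if sender not in blacklist:
            return slot
    return None

def stale_producers(blacklists, reference):
    """Audit: list producers whose blacklist digest differs from the reference."""
    want = digest(reference)
    return [i for i, bl in enumerate(blacklists) if digest(bl) != want]

def build_blacklists(reference, stale_index=None, stale_copy=frozenset()):
    """Constructed sample data: every producer holds `reference`,
    except the producer at `stale_index`, which holds `stale_copy`."""
    lists = [set(reference) for _ in range(NUM_PRODUCERS)]
    if stale_index is not None:
        lists[stale_index] = set(stale_copy)
    return lists

# Constructed account names, not real EOS accounts.
CURRENT = {"compromised.a", "compromised.b"}
OUTDATED = {"compromised.a"}  # a copy that predates the newest entry

if __name__ == "__main__":
    healthy = build_blacklists(CURRENT)
    degraded = build_blacklists(CURRENT, stale_index=13, stale_copy=OUTDATED)
    # With every copy current, no producer processes the transaction.
    print(first_accepting_slot("compromised.b", healthy))
    # One outdated copy is enough: the transaction goes through at that slot.
    print(first_accepting_slot("compromised.b", degraded))
    # Comparing digests identifies the producer that needs to update.
    print(stale_producers(degraded, CURRENT))
```

In this model the blacklist only holds if all 21 copies are current, which is why comparing each producer's list against a reference before relying on it catches the gap.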
Why is this hack a good thing?
This brings us to our point. This is a good thing because EOS relies on its producers, so the incident has given the EOS community the information it needs to make drastic improvements to its ecosystem. Those improvements might not have been made clear if the attack hadn’t happened, leaving room for a bigger and more powerful attack to take place in the future:
“Instead of keeping a blacklist, the switch to a democratic solution where the majority of BPs update their blacklist should ensure issues like these cannot occur again. Since only 1 BP failed to meet the requirement out of the top 21 BPs, that countermeasure should, in theory, prove sufficient to prevent further mishaps.”