EOS ‘false top-up’ vulnerability found by Chinese Cybersecurity Firm
In further bad news for the decentralized dApps platform EOS, a Chinese cybersecurity firm has confirmed that it might be vulnerable to another attack.
SlowMist Technology Co., Ltd. described in a blog post a new ‘false top-up’ vulnerability that attackers could exploit to “successfully deposit EOS to these platforms without actually transferring any EOS.”
The team also confirmed that a real attack has already materialized, and compared it to similar attacks experienced by USDT and Ethereum. They added:
“The SlowMist Security Team has confirmed that the real attack has occurred, but it should be noted that: this time the ‘false top-up’ of EOS attack is similar to the USDT ‘false top-up’ disclosed previously by SlowMist Security Team and similar to the Ethereum token ‘false top-up.’ The platform should be responsible for this. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process. Specific attack details will be disclosed by SlowMist Security Team.”
So far, cryptocurrency exchange OKEx has confirmed the vulnerability and has tweeted that user EOS deposits on its exchange will not be exposed to the issue.
“We are aware of the vulnerability with $EOS deposit. Moreover, we confirm that OKEx is NOT exposed to the vulnerability. Please rest assured that your assets are safe and secure with us.”
This vulnerability continues the recent run of EOS security issues coming to the forefront.
Last month it was reported via the EOS Community Telegram group that a blacklisted EOS account holder had transferred 2.09 million EOS tokens to their individual account. However, further investigation revealed that the transfer was more likely due to a breakdown in communication among EOS arbitration groups and block producers (BPs) than to an actual ‘hack.’