Tough Days for EOS: ‘False Top-Up’ Vulnerability Attacks and A Large Fake Transaction Worth Over $3 Trillion
EOS which has often been touted by proponents as an “Ethereum killer” appears to lose luster as the public blockchain has recently been beleaguered by scandals and security vulnerabilities.
An EOS user named “fuckhacker.x” successfully created a transaction of 1 trillion EOS (worth around $3.6 trillion) on March 11, which was picked up by Whale Alert, a Twitter account that is known for tracking and reporting large transactions from crypto whales.
The unusually large transaction which ultimately failed owing to the sheer size being 1000 x the total supply of EOS raised concern in the crypto community. But the transaction was broadcast before it was spotted and deleted.
Commenting on Whale Alert’s Twitter post, EOS New York, one of the top 21 block producers on the EOS blockchain said the big transaction was made to test a new feature of the protocol, which is known as a deferred transaction.
Simply put, a deferred transaction means a transaction can be scheduled by a contract to be executed at some time in the future, and there is no guarantee that the transaction will be executed as the nodes could decide to drop it.
According to the Chinese blockchain news media BlockBeats, the account that made the transaction is owned by VSbet, a EOS gambling decentralized application(DApp). A DApp developer indicated that VSbet sought to create a fake transaction to drive up the trading volume to lure more users, and at present, both crypto exchanges and wallets are not able to filter this kind of fake transactions out.
In addition, EOS is also finding itself in a difficult position as China’s security firm SlowMist announced on March 12 that the blockchain network might be vulnerable to ‘false top-up’ attacks. SlowMist claimed in a Medium blog post that a hacker can exploit the vulnerability to successfully deposit EOS to crypto exchanges, wallets and other platforms without transferring any token.
The security firm has confirmed that the attack has occurred, and suggests these platforms who are not fully confident of their own deposit process verification should suspend the EOS deposit as soon as possible and double check the process.
Last month, an unidentified hacker moved 2.09 million EOS tokens which were worth about $7.7 at the time from a compromised account due to a new EOS Block Producer failing to update the mainnet account blacklist.
EOS, the world’s fifth largest crypto by market cap, is currently valued at $3.67 with the trading volume of $1,574,569,577 over the last 24 hours.