Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems

May 29, 2018
|In On the Cusp
|By Masha Borak
1 min read

Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 which published a report on May 29. The company’s Vulcan team discovered that attacks can be remotely executed on the EOS node, TechNode’s Chinese sister site reports.

EOS is a blockchain-based, decentralized system that enables the development, hosting, and execution of commercial-scale decentralized applications (dApps) on its platform.

CEO and Chairman of 360 Zhou Hongyi said that the loophole his company discovered is worth $100 million, Bianews is reporting.

Specifically, the attacker could create and publish a smart contract containing malicious code, and the EOS supernode could execute the malicious contract and trigger the security vulnerabilities. 360 said that since attackers can completely control the node system, they can do whatever they want: stealing keys of the EOS supernodes, control the virtual currency transactions of the EOS network, obtain financial and privacy data in the EOS network such as the digital currency that is exchanged and stored in the wallet. Hackers could steal user keys and private data. Even more, an attacker can turn a node in the EOS network into a botnet launching a network attack or become a free “miner” and dig out other digital currencies.

According to the report, security vulnerabilities not only affects the EOS platform but also other types of blockchain platforms and the virtual currency applications. Since publishing the security links, EOS has announced it has isolated and resolved the security flaw identified by the 360 team, according to Jinse.

Founder of Chinese blockchain company Qtum, Shuai Chu, said that the limitless flexibility of intelligent contracts has left limitless hidden dangers, Bianews reports. The negligence in any small consensus agreement will open opportunities for DDOS attacks on the entire blockchain network. ETH and EOS are not designed for money, said Chu. The design of blockchain platform is very complicated and contains more security risks.

360 also published a white paper on digital wallets (in Chinese) on the same day which revealed that among 20 currently most popular digital wallets on the market 80% have vulnerabilities. The report, however, doesn’t state that using digital wallets carries risks.

Bitcoin and blockchain digital wallets EOS Qihoo 360 security