
The days before the launch of the EOS mainnet, which has attracted a lot of attention in the cryptocurrency community, are destined to be turbulent.
After the founder Yuhong said at the Guizhou National Digital Expo Forum at three o'clock yesterday that EOS is the largest air currency and pyramid scheme currency, it was revealed today that a high-risk vulnerability had been found in it. The price dropped 6% within an hour, and by the time of writing it had fallen below $11.
Today, 360's official Weibo account said that the company's Vulcan team had discovered a series of high-risk security vulnerabilities in the blockchain platform EOS. It has been verified that some of these vulnerabilities allow remote execution of arbitrary code on EOS nodes; that is, a remote attack can directly control and take over all nodes running on EOS.
According to 360's official Weibo account, to exploit the high-risk EOS vulnerabilities, the attacker constructs and publishes a smart contract containing malicious code; an EOS super node then executes the malicious contract, which triggers the security vulnerability. The attacker then uses the super node to package the malicious contract into a new block, which leads to remote control of all full nodes in the network (standby super nodes, exchange deposit and withdrawal nodes, digital currency wallet server nodes, etc.).
Since the node system is then fully controlled, the attacker can "do whatever they want": for example, steal the keys of EOS super nodes and control virtual currency transactions on the EOS network, or obtain other financial and private data from the systems of nodes participating in the EOS network, such as the digital currency held by exchanges, user keys stored in wallets, key user information and private data.
What's more, attackers can turn nodes in the EOS network into members of a botnet, launch network attacks or become free "miners" to mine other digital currencies.
For this reason, Zheng Wenbin, the person in charge of 360 security, was interviewed about the current details of the vulnerability and the repair situation.
Zheng Wenbin said that due to the seriousness of the vulnerability, the team contacted BM directly via Telegram in the early morning of the 29th, and reported the attack method for the vulnerability and a demonstration video to BM by email. EOS may later announce the relevant details or an acknowledgment.
Regarding the current state of the EOS vulnerability fixes, Zheng Wenbin said that the basic problems have been fixed, but the outcome remains to be seen.
Last Friday, 360 launched its blockchain security situation awareness system. According to the official statement, the system provides early warning of, and traces the source of, private mining, abnormal transfers, phishing scams, illegal transactions, etc. The EOS security vulnerability reported this time is part of 360's security vulnerability screening of the EOS mainnet before it goes online.
Zheng Wenbin said that, so far, the team has discovered more system vulnerabilities in EOS. The vulnerabilities reported today are only the highest-priority security issues. The team will contact EOS officials about the other vulnerabilities before the EOS mainnet goes live. Regarding whether these vulnerabilities will delay the progress of the EOS mainnet launch, Zheng Wenbin said that it is not clear yet, but BM stated that until these problems are fixed, the EOS network will not be officially launched.
It is worth noting that BM, the founder of EOS, previously stated that anyone who reports a valuable vulnerability will receive a reward of 10,000 US dollars, and the BM team will be responsible for evaluating the value of the vulnerabilities.
Zheng Wenbin also said that the vulnerabilities discovered today are not unique to EOS. At present, basically all blockchain smart contract platforms, such as Ethereum, may face such problems. This report is intended to draw more attention from the blockchain industry and security peers to the security of such issues, and to jointly enhance the security of blockchain networks.
Today, in response to the EOS vulnerability incident, Shuai Chu, the founder of Quantum Chain, said in a WeChat group that such vulnerabilities are prone to occur on contract platforms that support virtual machines, and that the infinite flexibility of smart contracts also leaves infinite hidden dangers. Any small oversight in a consensus protocol could create an opportunity to DDoS the entire blockchain network.
(I am Aloe Vera, a reporter from Odaily. To explore the real blockchain, please add WeChat 1012387983 for breaking news and communication. Please note your name, unit, position and reason.)