2 Million EOS “Hack” Exposes Serious Flaw with Block Producer Model

Last weekend, an error made by a newly-elected EOS Block Producer allowed 2.09 million EOS tokens to be moved from a blacklisted account. As explained in an EOS community update, the movement of tokens from the blacklisted account was caused by the newly-elected games.eos block producer incorrectly implementing EOS’s blacklist of frozen accounts.

The exploit has widely been referred to as a hack, but as Jessica Klein explained in Breaker Mag, a “hack” isn’t exactly an accurate description of what happened. EOS maintains a controversial blacklist of accounts accused of acting in a fraudulent way. The reason that the list is controversial is that some see it as a form of censorship. It can also be used to reverse fraudulent transactions, which adds an extra level of security to EOS, at the expense of the blockchain principle of all transactions being immutable.

For the blacklist to be effective, it needs to be maintained by all of EOS’s 21 active block producers. EOS’s block producers are voted into their authoritative position by ordinary token holders at regular intervals. When games.eos became the latest entity to achieve block producer status, it failed to correctly update the list of blacklisted accounts. This allowed one blacklisted account to quickly move 2.09 million EOS tokens to other addresses, spreading them throughout the network faster than other block producers were able to react. Klein’s article quotes Kevin Rose, head of community for the well-established EOS New York block producer group, as saying eos.games is no longer a block producer. It seems very unlikely that they’ll again be trusted with the role.

But the damage has already been done. And without significant changes to either the way the blacklist is maintained or the way EOS’s system of block producers operates, there is every chance a similar incident could happen again.

Can Similar Incidents be Prevented in Future?

The EOS community update that broke news of the 2.09 million token transfer also shared a Medium article containing a proposal for fixing what it calls the “broken blacklist.” The proposed solution would involve nulling the keys of blacklisted accounts, making it impossible for them to move funds like this again. The article also makes clear the urgency of the problem, as it would currently be possible for the owner of a blacklisted account to bribe an EOS block producer into incorrectly maintaining the blacklist. There is no indication this has happened with the eos.games blacklist issue, and all reports have simply attributed the failed blacklist implementation to human error. But it is a problem that needs a solution as quickly as possible.

Klein’s Breaker Mag article quotes Luke Stokes of the eosDAC block producer group as offering several other solutions, including multi-signature and time-delayed permissions for moving funds. Stokes argues that the current reliance on a manually maintained blacklist isn’t scalable. This sentiment seems to be widely shared among the EOS community, but there isn’t currently any consensus on the best way of fixing the issue. Consensus will be necessary to implement any alternative to the current blacklist model, and consensus within a decentralized network can be difficult to achieve. But the scale of the recent incident, with the EOS tokens affected being currently worth close to $7.5 million, should help sharpen minds toward enacting a permanent solution.
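To make the difference between the current model and the proposed fix concrete, the following is an added toy simulation (not code from EOS, block.one, or the article). It models the blacklist as a per-producer setting that one newly elected producer may have forgotten, and contrasts it with nulling the account’s keys in chain state so that every producer refuses the transfer regardless of its local configuration. Account names, keys and balances are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Producer:
    name: str
    blacklist: set = field(default_factory=set)  # configured locally on each node

@dataclass
class Chain:
    balances: dict      # account -> token balance (constructed values)
    active_keys: dict   # account -> active key; None means the keys were nulled on-chain

def produce(producer, chain, tx):
    """A producer includes the transfer only if its local blacklist allows it
    AND the signing key matches the account's on-chain active key."""
    sender, receiver, amount, key = tx
    if sender in producer.blacklist:            # local policy: depends on this node's config
        return False
    if chain.active_keys.get(sender) is None or chain.active_keys[sender] != key:
        return False                             # on-chain authorisation: same for every node
    chain.balances[sender] -= amount
    chain.balances[receiver] = chain.balances.get(receiver, 0) + amount
    return True

def run_schedule(producers, chain, tx):
    """Offer the transfer to each producer in schedule order; return the name of
    the first producer that includes it, or None if every producer refused."""
    for p in producers:
        if produce(p, chain, tx):
            return p.name
    return None

def make_schedule(frozen, new_producer_has_entry):
    """20 correctly configured producers plus one newly elected producer."""
    producers = [Producer(f"bp{i:02d}", set(frozen)) for i in range(20)]
    producers.append(Producer("newbp", set(frozen) if new_producer_has_entry else set()))
    return producers

def per_producer_blacklist(new_producer_has_entry):
    """Enforcement lives only in node config: it fails open if a single node lacks the entry."""
    chain = Chain({"frozen.acct": 2_090_000}, {"frozen.acct": "KEY_A"})
    tx = ("frozen.acct", "sink.acct", 2_090_000, "KEY_A")  # constructed transfer attempt
    return run_schedule(make_schedule({"frozen.acct"}, new_producer_has_entry), chain, tx)

def nulled_keys():
    """Enforcement lives in chain state: even producers with no local entry refuse."""
    chain = Chain({"frozen.acct": 2_090_000}, {"frozen.acct": None})  # keys nulled on-chain
    tx = ("frozen.acct", "sink.acct", 2_090_000, "KEY_A")
    return run_schedule(make_schedule(set(), False), chain, tx)
```

With the per-producer list, the transfer is refused by twenty producers and then accepted by the one that lacks the entry; with nulled keys no producer in the schedule can accept it.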

The Reaction

Some have attributed a recent dip in EOS’s token value to a reaction to the blacklisting issue, but this may be a case of looking for a causal effect where none really exists. EOS is down to $3.59 per token at the moment, compared to around $3.76 just before the EOS community update was posted detailing the incident. However, EOS’s performance is largely in line with the overall cryptocurrency market, with Bitcoin and Ethereum experiencing similar recent dips. And EOS actually climbed to $4.41 in the days after the update was posted.

Critics of EOS have been predictably vocal in drawing attention to the issues that the latest incident has brought to light. Emin Gün Sirer, associate professor of computer science at Cornell University and a noted expert on peer-to-peer networks, has taken to Twitter to point out the issues this exposes with EOS’s network security.

Brendan Blumer, co-founder and CEO of EOS’s creators block.one, responded to Sirer’s criticism with tweets of his own. Blumer first defended the principle of the blacklist being unanimously enforced, and then suggested there was some hypocrisy from Sirer in regards to his criticism of EOS. Sirer is currently developing a project on the Tezos protocol, and Blumer claims that Sirer attempted to hire EOS co-founder and lead developer Dan Larimer to work as chief technical officer on Sirer’s project.

The incident also generated a lot of discussion on the /r/cryptocurrency subreddit, with a majority of the most upvoted comments in response to Sirer’s tweets heavily criticizing EOS and its blacklist.

Moving Forward

The most immediate consequence of the blacklist breach is that eos.games is unlikely to gain the support needed to be voted into a block producer position in future. We previously looked at the controversy surrounding the EOS block producer consensus mechanism, and this latest incident has drawn renewed attention to its unique system of network governance. Rose details the demands of being a block producer in Klein’s Breaker Mag article, claiming to be working actively on EOS from the moment he wakes up until the moment he falls asleep each day. The article goes on to detail the lengths block producers go to in order to gain the support necessary to be voted into their position, from going on political campaign-style media blitzes to traveling around the world to promote themselves to EOS token holders. Despite its name, the EOS New York group to which Rose belongs has members spread across the globe, so that there is always someone online to perform the work a block producer is required to do.

There are advantages to the block producer model compared to the proof of work consensus mechanism employed by Bitcoin, Ethereum, and countless other cryptocurrencies. Most obviously, it does away with the enormous energy consumption associated with cryptocurrency mining.

It remains to be seen if eos.games’ error will result in serious changes to the way EOS operates. But the block producer consensus mechanism is a core part of EOS’s identity and the principle of blocking malicious accounts is a key way in which EOS has differentiated itself from other networks. Avoiding further breaches such as this one will be a hugely important issue for the EOS community going forward.

About Christopher Williams

Christopher Williams is a British writer based in South Korea with a strong interest in emerging technologies, cryptocurrency, and the development of decentralized apps.