Qihoo 360 has found several high-risk security vulnerabilities in EOS’s blockchain platform. These vulnerabilities would enable remote attacks on all EOS nodes, Qihoo 360 claimed on Weibo Tuesday, May 29.
Qihoo 360 writes that it reported the vulnerability to the EOS team and that the EOS mainnet will not launch until the security problems are resolved. Local news outlet Jinse, which noted that EOS asked 360 not to report the vulnerability, claimed that the vulnerabilities were fixed the same day, by around 2:00 pm China Standard Time.
According to 360’s Weibo post, the vulnerability would allow an attacker to use a smart contract with malicious code to open a security hole, and then use the supernode to enter the malicious smart contract into a new block, thus putting all network nodes under the attacker’s control.
Once this action has been completed, the attacker could then control the digital currency on the EOS network, obtain users’ private keys and data, launch a cyber attack, or begin mining for other cryptocurrencies.
“360 expressed [hope] that the discovery and disclosure of this loophole will cause the blockchain industry and security peers to pay more attention to the security of such issues and jointly enhance the security of the blockchain network.”