Report: Over 400k EOS Tokens Stolen, More Than 200k Dormant EOS Accounts

EOS, the blockchain-based cryptocurrency platform for building vertically and horizontally scalable decentralized applications (dApps), was recently analyzed by cybersecurity firm Peckshield.

According to the findings of Peckshield’s research, there are over 500,000 EOS accounts that have been opened since the crypto platform went live in June 2018. Out of more than half a million accounts, there are about 120,000 EOS accounts being controlled by certain groups, the security firm noted.

Over 200,000 EOS Accounts Are Dormant, Many Accounts Used By Bounty Hunters

The researchers also found that over 200,000 (roughly 37%) EOS accounts have been dormant since they were created. Commenting on the nature of the activity on EOS’ blockchain, Shi Huaguo, the senior security researcher at Peckshield, noted:

dApps on EOS started to explode since September, and the number grew rapidly in October. But with EOS, [dApps] are getting hotter [or being more widely used], [but then] the group-controlled accounts [have also] started to emerge.

While there are 571,000 accounts that have been created on the EOS network, cybersecurity firm Peckshield has learned that the group accounts (controlled by multiple users) are likely being used by cryptocurrency bounty hunters and “click farms.” Shi’s research team also believes that the nature of the activity associated with these types of accounts is not healthy for the long-term growth and development of the EOS platform.

27 DApps With Major Vulnerabilities, $740,000 In EOS Tokens Now Stolen

Moreover, Peckshield’s research team identified 27 dApps with serious security vulnerabilities, which were not directly related to problems with the EOS blockchain itself. Because of these security holes, users had been able to launch many attacks, resulting in the loss of over 400,000 EOS tokens (worth approximately $740,000 at press time).

Guo Yonggang, a Chinese cybersecurity expert, said most of these attacks appear to be related to several different types of vulnerabilities in EOS-based dApps, which are not linked to issues with how the EOS network was developed. Yonggang believes there could be many cyberattack groups that are actively trying to find and exploit vulnerabilities on the EOS network.

According to Yonggang, this indicates that similar attacks may be launched on the EOS network in the future. Notably, the EOS blockchain uses the delegated proof-of-stake (DPoS) consensus protocol. DPoS requires that EOS token holders vote for block producers, who are then elected based on the number of votes they’ve received.

The block producers, or delegates, are responsible for validating transactions on EOS. However, this has led to mutual voting and “payoffs” between delegates, which was revealed through a leaked document. So, it appears that the EOS network is not only dealing with governance issues; the dApps launched on its network are also vulnerable to attacks.