Report: Over 400k EOS Tokens Stolen, More Than 200k Dormant EOS Accounts

EOS, the blockchain-based cryptocurrency platform for building vertically and horizontally scalable decentralized applications (dApps), was recently analyzed by cybersecurity firm Peckshield.

According to the findings of Peckshield’s research, there are over 500,000 EOS accounts that have been opened since the crypto platform went live in June 2018. Out of more than half a million accounts, there are about 120,000 EOS accounts being controlled by certain groups, the security firm noted.

Over 200,000 EOS Accounts Are Dormant, Many Accounts Used By Bounty Hunters

The researchers also found that over 200,000 (roughly 37%) EOS accounts have been dormant since they were created. Commenting on the nature of the activity on EOS’ blockchain, Shi Huaguo, the senior security researcher at Peckshield, noted:

dApps on EOS started to explode since September, and the number grew rapidly in October. But with EOS, [dApps] are getting hotter [or being more widely used], [but then] the group-controlled accounts [have also] started to emerge.

While 571,000 accounts have been created on the EOS network, cybersecurity firm Peckshield has learned that the group accounts (controlled by multiple users) are likely being used by cryptocurrency bounty hunters and “click farms.” Shi’s research team also believes that the nature of the activity associated with these types of accounts is not healthy for the long-term growth and development of the EOS platform.

27 DApps With Major Vulnerabilities, $740,000 In EOS Tokens Now Stolen

Moreover, Peckshield’s research team identified 27 dApps that have serious security vulnerabilities, which were not directly related to problems with the EOS blockchain itself. Because of these security holes, users had been able to launch many attacks, resulting in the loss of over 400,000 EOS tokens (worth approximately $740,000 at press time).

Guo Yonggang, a Chinese cybersecurity expert, said most of these attacks appear to be related to several different types of vulnerabilities in EOS-based dApps, which are not linked to issues with how the EOS network was developed. Yonggang believes there could be many cyberattack groups that are actively trying to find and exploit vulnerabilities on the EOS network.

According to Yonggang, this indicates that similar attacks may be launched on the EOS network in the future. Notably, the EOS blockchain uses the delegated proof-of-stake (DPoS) consensus protocol. DPoS requires that EOS token holders vote for block producers, who are then elected based on the number of votes they’ve received.

The block producers, or delegates, are responsible for validating transactions on EOS. However, this has led to mutual voting and “payoffs” between delegates, which was revealed through a leaked document. So, it appears that the EOS network is not only dealing with governance issues, but also the dApps launched on its network are vulnerable to attacks.

Bitcoin ‘Sextortion’ Scheme Netted Cybercriminals Over $330,000

Blackmailers have reportedly managed to rake in over $330,000 worth of bitcoin, the flagship cryptocurrency, through an email-based ‘sextortion’ campaign that has been ongoing since at least 2017, and saw its activity surge last year.

According to a report published by UK firm Digital Shadows, the cybercriminals received said amount from over 3,100 unique BTC addresses. The funds ended up in 92 different bitcoin addresses believed to belong to the same organization, which could reportedly be making an average of $540 per victim.

The firm’s report, first spotted by The Next Web, tracked a sample of 792,000 emails sent to victims. The ‘sextortionists’ reportedly sent them an email that would include a known password as “proof” they hacked them, and claimed to have video evidence of them seeing adult content online.

The threat was that the video would be published online, if a ransom in BTC wasn’t paid. Last year, Cornell University computer science professor Emin Gün Sirer warned potential victims to “never pay, never negotiate” with cybercriminals trying to extort them.

Per Sirer, the emails were being sent to every email account on the popular website haveibeenpwned, which shows whether email addresses had their data leaked in well-known online security incidents.

A Sophisticated Operation

The UK firm’s report seems to show the ‘sextortion’ operation was a sophisticated one, as scammers were seemingly trying to hire more people to help them target high-net-worth individuals.

These hires could be getting high salaries, up to $768,000 a year, if they had experience in network management, penetration testing, and programming. The cybercriminals have notably also been using social media to target their victims.

The scammers’ capabilities are said to have varied in skill: while some struggled to distribute a large number of emails that could get past email server or spam filters, others managed to show high levels of sophistication, with emails sent from accounts specifically created for the campaigns.

Moreover, these campaigns were launched on a global scale, as the servers the emails came from were on five different continents. The highest number of emails came from Vietnam, Brazil, and India. These servers could, however, have been compromised by the scammers as well.