Report: Over 400k EOS Tokens Stolen, More Than 200k Dormant EOS Accounts

EOS, the blockchain-based cryptocurrency platform for building vertically and horizontally scalable decentralized applications (dApps), was recently analyzed by cybersecurity firm, Peckshield.

According to the findings of Peckshield’s research, there are over 500,000 EOS accounts that have been opened since the crypto platform went live in June 2018. Out of more than half a million accounts, there are about 120,000 EOS accounts being controlled by certain groups, the security firm noted.

Over 200,000 EOS Accounts Are Dormant, Many Accounts Used By Bounty Hunters

The researchers also found that over 200,000 (roughly 37%) EOS accounts have been dormant since they were created. Commenting on the nature of the activity on EOS’ blockchain, Shi Huaguo, the senior security researcher at Peckshield, noted:

dApps on EOS started to explode since September, and the number grew rapidly in October. But with EOS, [dApps] are getting hotter [or being more widely used], [but then] the group-controlled accounts [have also] started to emerge.

While there are 571,000 accounts that have been created on the EOS network, cybersecurity firm Peckshield has learned that the creators of the group accounts (controlled by multiple users) are likely being used by cryptocurrency bounty hunters and “click farms.” Shi’s research team also believes that the nature of the activity associated with these types of accounts is not healthy for the long-term growth and development of the EOS platform.

27 DApps With Major Vulnerabilities, $740,000 In EOS Tokens Now Stolen

Moreover, there were 27 dApps identified by Peckshield’s research team that have serious security vulnerabilities, which were not directly related to problems with the EOS blockchain itself. Because of these security holes, users had been able to launch many attacks, resulting in the loss of over 400,00 EOS tokens (worth approximately $740,000 at press time).

Guo Yonggang, a Chinese cybersecurity expert, said most of these attacks appear to be related to several different types of vulnerabilities in EOS-based dApps, which are not linked to issues with how the EOS network was developed. Yonggang believes there could be many cyberattack groups that are actively trying to find and exploit vulnerabilities on the EOS network.

According to Yonggang, this indicates that there could be similar attacks that may be launched in the future (on the EOS network). Notably, the EOS blockchain uses the delegated proof-of-stake (DPos) consensus protocol. DPos requires that EOS token holders vote for block producers, who are then elected based on the number of votes they’ve received.

The block producers, or delegates, are responsible for validating transactions on EOS. However, this has led to mutual voting and “payoffs” between delegates, which was revealed through a leaked document. So, it appears that the EOS network is not only dealing with governance issues, but also the dApps launched on its network are vulnerable to attacks.

Weekly Newsletter

Israeli Hacker Indicted For $1.75 Million Cryptocurrency Theft

A hacker from Tel Aviv named Eliyahu Gigi was recently indicted for his alleged role in stealing roughly NIS 6.1 million (or $1.75 million) in cryptocurrencies from people in numerous different countries, including Germany, Belgium and the Netherlands.

According the indictment filed this week, Gigi operated numerous scam websites that infected computers with malware that would steal cryptocurrencies that were stored on the devices.

The hacker stole nearly $2 million worth of bitcoin, ethereum, and dash, before they were arrested in June of this year. Gigi carefully covered his tracks by attempting to use remote servers and doing his best to conceal the cryptocurrencies and the wallet addresses that they were stored in.

He then transferred the currencies between different wallets, split them into different cryptocurrencies and used other tactics to obfuscate the ownership of the funds.

During the investigation, it was initially suspected that Gigi was guilty of stealing $100 million, however, once the investigation was concluded, that number was significantly scaled down to less than $2 million.

According to the Israeli publication Globes the investigation was conducted by the Israeli Police's cyber unit, and led to the arrest of Gigi and his younger brother, a 22-year-old demobilized soldier. The news outlet adds:

At the outset of the investigation, suspicions were raised that the two brothers had stolen $100 million from digital accounts kept in bitcoin through an international fishing fraud. The indictment eventually filed was against only the older brother, and the initial suspicions that $100 million had been stolen were scaled down to NIS 6 million. [$1.75 million]

Police were initially tipped off to the crime after receiving reports the hacker was sending messages to users on cryptocurrency forums, directing them to a website that claimed to offer wallet management software.

Some of the users who received the message thought that the website looked suspicious. Worried about their security, they reported the websites and Gigi's forum accounts to police.