SlowMist Cybersecurity Firm Finds EOS Fund Transfer Vulnerability, OKEx Exchange Makes Mention
EOS, the fifth largest digital currency in the market, seems to be affected by a new vulnerability. This issue was found by SlowMist, a cybersecurity firm from China. Users can register EOS deposits without having to transfer the funds. In addition to SlowMist, the recognized virtual currency exchange OKEx has confirmed the vulnerability.
False To-Up Vulnerability on EOS
EOS is one of the largest platforms that developers use to build and deploy decentralized applications (dApps). However, it can be affected by a vulnerability that was discovered by a cybersecurity firm in China and confirmed by the crypto exchange OKEx.
SlowMist released a blog post in which they explain how this issue is affecting the network. They say that if a cryptocurrency exchange, wallet or another platform have a breach in judging execute status of EOS transactions, it could be related to a “false top-up.” That means that an attacker has deposited EOS to these platforms without having transferred the funds.
SlowMist, which focuses on blockchain security, explained that real attacks occurred. They also explain that the “false top-up” of EOS is similar to the USDT “false top-up” and to the Ethereum “false top-up.”
The security firm says that exchanges and platforms should stop EOS deposits as soon as possible if they are not confident with the deposit process they have.
About it, the firm explained:
“The platform should be responsible for this. Since this is a new type of attack, and the attack is already happening, if other platforms are not fully confident of their own deposit process verification, they should suspend the EOS deposit as soon as possible and double check the process.”
The cybersecurity firm wrote that they will be releasing specific attack details in the near future.
OKEx wrote on Twitter that they are aware of the vulnerability that EOS is currently experiencing. Moreover, the exchange stated that they are not exposed to it. They have also said to the community that their funds are safe and secure on their platform.
Exchanges have been attacked on several occasions, resulting in the loss of millions if not billions of cryptocurrencies in the last years. Users should ask their exchanges about how the situation looks like and what to do in the future with their assets.
As mentioned before, EOS is the fifth largest digital asset in terms of market capitalization with a valuation of $3.31 billion. Each EOS can be purchased for $3.65.
This is not the first time that EOS registers a vulnerability with its funds. Just in February, some users reported that 2.09 million EOS coins were transferred by a blacklisted EOS account.
Moreover, researchers at PeckShield, found that there were 27 different EOS dApps that had vulnerabilities that could be used by hackers to steal funds. Indeed, more than 400,000 EOS coins were stolen.
We are aware of the vulnerability with $EOS deposit. And we confirm that OKEx is NOT exposed to the vulnerability. Please rest assured that your assets are safe and secure with us.https://t.co/DHwYS4R519#okexannouncement @SlowMist_Team
— OKEx (@OKEx) March 12, 2019