The attacker managed to steal $7.7 million in cryptocurrency EOS due to the negligence of one of the managers a black list.

Hacking became known on Saturday, February 23, from the Telegram message in the group EOS42, which includes the owners of the cryptocurrency EOS. As mentioned in the message, 22 Feb account EOS one of the users was compromised. Upon discovering the hacking, the user has fulfilled all the requirements in accordance with sewn into the blockchain the standard instructions on making compromised accounts on the black list.

This statement implies a notice of 21 “manufacturer block” (the term for the most productive miners EOS) on the compromised cryptocurrency wallet. These “producers block” should add the address to the black list to cryptocurrency exchanges could block the transfer of funds.

“Each of the 21 manufacturer of the blocks has to update the blacklist. If at least one of them will not update blacklist, hacked accounts can be devastated. That is what happened in the last 24 hours, when a new generation of producers units had not updated the blacklist. Unfortunately, one of the compromised wallets, containing 2 million the EOS, has already begun to be emptied”, — said the participants EOS42.

Manufacturer of blocks, not updated on time black list, were platform games.eos to develop blockchain-based games EOS, recently included in the top 21 producers of blocks. The attackers were able to transfer with a hacked wallet of 2.09 million EOS for multiple accounts in multiple cryptocurrency exchanges. Platform Huobi has frozen the accounts where the criminals transferred the money, but they are still a tidy sum, as example Huobi followed, not all of the exchange.

In connection with the incident EOS42 proposes to amend the instructions so that the list was updated only 15 of the 21 producers of blocks.

Source: https://www.securitylab.ru/news/498151.php