EOS has become well-known for freezing compromised user accounts, a practice that prevents attackers from making off with funds. However, the procedure hit a snag on Friday when an EOS block producer didn’t keep up with the latest update, causing one account holder to lose $9 million.
According to EOSGO, a new block producer called games.eos failed to update its blacklist. This prevented an at-risk account from being frozen, and attackers were then able to withdraw 2.1 million EOS. Block producers are now searching for a solution, while Huobi has stepped in to help.
Huobi Freezes Funds
Fortunately, the stolen money may not be lost: Huobi has managed to freeze some of the stolen EOS. The exchange has announced that it detected funds moving out of the blacklisted EOS accounts and onto its own exchange. Huobi quickly froze those accounts, mitigating the problem, at least partially.
Of course, it is possible that the attacker did not transfer all of the stolen funds to Huobi. However, if that is the case, other exchanges may decide to freeze the funds as well. Although no other exchanges have commented, these freezes are fairly common during large attacks and thefts.
Incidentally, Huobi has other ties to EOS. The exchange has been accused of colluding with block producers, while Huobi Pool has served as the top-voted EOS block producer for some time now. However, these facts are not clearly related to Huobi’s decision to freeze funds, which took place on its own exchange.
Searching For a Solution
Meanwhile, EOS block producers have been searching for a solution. The central issue is that, in order to successfully freeze an account, all 21 block producers must participate in the blacklisting process. This is why games.eos was unilaterally able to prevent the account freeze from occurring.
Some block producers have proposed that, as an interim solution, the keys for blacklisted accounts should be “nulled.” Although this would be almost identical to the current blacklisting process, nulling would only require consensus from 15 out of 21 block producers. Consensus is still pending as of today.
EOS42 has urged block producers to reach a decision soon in order to prevent future incidents. In fact, similar incidents have occurred in the past: last June, a block producer called EOSStore failed to update its blacklist. That incident allowed $35,000 of stolen EOS to reach an exchange.
Needless to say, this is not a good situation, and criticism is coming from several directions. Some are suspicious of games.eos itself. The block producer was elected very suddenly and is still on standby, despite its demonstrated lack of ability. Some have speculated that collusion rather than fair voting allowed this to happen. One Redditor writes:
“This news should see this BP punished by removal of votes, that this is unlikely to happen is EOS’s #1 issue. Accusations of cartels have merit and what impact REX [resource renting] will have remains to be seen.”
Meanwhile, some are critical of the freezing process itself. EOS is one of the few blockchain platforms that has the capacity to freeze user funds, and past account freezes have caused massive amounts of controversy. Even if this situation is resolved successfully, it is unlikely to reflect well on EOS, and the incident could break the coin’s recent price surge.