The tech security company Qihoo 360, deploying its Vulcan Team, has discovered a key vulnerability in the EOS blockchain platform.
360 and It’s Vulcan Team say that the security issues they discovered are “on an epic scale.” They found that the vulnerabilities that have been discovered can allow for code on the EOS platform to be executed remotely on EOS nodes. This means that a remote attack can let potential malicious actors control or alter all nodes running on EOS.
“Since the system of the node is completely controlled, the attacker can ‘do whatever it wants’, such as stealing the key of the EOS super node, controlling the virtual currency transactions of the EOS network; and acquiring other financial and privacy data in the EOS network participating node system — such as a user’s key stored in the wallet, key user profiles, privacy data, and more,” 360 warned.
Qihoo 360 is the biggest tech security company in China and for them to find a blockchain weakness will ring through the industry and bring awareness to the possibility of security breaches in the blockchain sector. They claim that the discovery could apply to not only EOS but other blockchain platforms as well.
“360 hopes that the discovery and disclosure of this loophole will cause the blockchain industry and security peers to pay more attention to the security of such issues and jointly enhance the security of the blockchain network.”
The team at EOS believes the security issue is being overstated. Roshan Abraham, the Head of Technology at EOS said that the “virtual machines used in EOS is web assembly. Web assembly is actively developed by Google, Microsoft and other major companies. It is highly unlikely to have VM issues. It is most likely to be a specific issue with nodes.”
Daniel Larimer, the blockchain industry veteran and CTO of EOS referred to this issue as “FUD” on social media and announced that the problem was already fixed. He also assured the public that despite this news, the EOS mainnet launch will be on time.
While the EOS team delivers a confidant message regarding the security of its product, some find it strange that the company was offering bounties to find “catastrophic” bugs in the platform just days before the release its mainnet. Charlie Lee, the creator of Litecoin, expressed this exact concern on Twitter amidst the recent controversy.
The blockchain industry could benefit from companies like Qihoo 360 finding and helping to correct weaknesses, but progress in these respects could be halted by the social media sniping we often see in the cryptocurrency space.