A cyberattack on what’s been described as a “decentralized” token exchange reportedly has led to a $58,000 theft and an illustration of a “shocking security vulnerability.”
According to a report in The Next Web, hackers flooded the exchange with “one billion fake EOS.” EOS refers to “a decentralized operating system [that] is developed to support decentralized applications in commercial scale by providing them [with] all the essential support and features,” as per one common definition. “The EOS token is taken as a cryptocurrency in ICO.”
The EOS network recently took the top spot in an evaluation of blockchain networks by China’s Ministry of Industry and Information Technology (MIIT), CoinDesk reported. EOS was followed by Ethereum in second place, with NEO rated third. Bitcoin, however, is far behind, taking 17th place. The list seeks to “evaluate the development level of global public-owned chain technology” and “accurately grasp the trend of blockchain.”
As for the attack, TNW said “the hackers created a new EOS-based token, ironically named EOS, and used it to illegitimately purchase BLACK, IQ and ADD tokens from exchange service Newdex. The company has since confirmed the hack.”
The people behind that attack “eventually traded the collection of tokens for real EOS cryptocurrency,” the report said. “Newdex later revealed the attackers managed to siphon 4,028 real EOS (approximately $20,000) to cryptocurrency exchange desk Bitfinex. Ultimately, it’s the Newdex dApp users left to suffer losses, which amount to roughly $58,000.”
According to TNW, “the vulnerability appears to stem from two things: First, anyone can create a token using EOS, and they can name it anything they want – apparently, even ‘EOS.’ All you need is an EOS account.”