twitter.com
i'm so glad I dumped all my EOS for ADA, I always knew Cardano had a better team and wouldn't have these type of problems.
A SERIES OF VULNERABILITIES FOUND ON EOS!!
Christian Young
Other urls found in this thread:
blogs.360.cn
twitter.com
Aaron Hughes
Has anyone official said anything yet? A Chinese anti-malware company with a shady reputation is kind meh.
Liam Rodriguez
Fucking KEK.
Nathaniel Myers
This fud again. They found the issues not exploited them post-release. It's what the testnet is designed for and is open source at work.
Jack Taylor
>find bug
>help EOS repair the bug
>get 10k
>EOS moons because it has been fixed and proven reliable
Mason Harris
>shady reputation
>fud
you faggots don't know what you are talking about. 360 security has some of the best infosec researchers/exploiters in the world. just google "pwn2own 360" to see what I'm talking about.
Ian Evans
DUMP EET
Connor Gray
>you faggots don't know what you are talking about. 360 security has some of the best infosec researchers/exploiters in the world. just google "pwn2own 360" to see what I'm talking about.
Sure
They are also super pro ETH. Also they are the only ones saying this and they are claiming that EOS mainnet is pushed back without blockone saying anything first.
Say what? I mean I know you want your fud to be super scary and shit but I mean, at least try to be effective.
Owen Morgan
this.
Daniel Morales
if you have a blockchain that is meant to be made by a genius and has this calibre of a vulnerability inside it this close to release, he aint a genius and the end product isnt going to be trusted by any serious calibre entities.
end of.
Dylan Rivera
I don't know their motivation for publishing the vulnerability. also, the account in OP's pic/link may have NOTHING to do with the authors.
if the vulnerability is confirmed, then the ones who bought EOS are fucked anyway.
Charles Richardson
Yeah thank his ETH adding have any glaring bugs that cost a bunch of people tons of money and necessitated a hard fork. That’d be embarrassing.
Wyatt Cox
> The DAO was never hacked, EOS was a success right from the start.
Jayden Harris
i've been saying... they make lots of claims but it's main net is not even out.
ETH has had several years of running main net to work out the bugs
DAO hack was a poorly written smart contract, not a security flaw in ETH's code
John Lopez
no, this is not what a testnet is for. this is what appropriate dev process is for - cardano has it, eos does not
Lucas Sullivan
So taking a look at one of the reddit posts. Does anyone know.
> In an attack, an attacker constructs and publishes a smart contract containing malicious code. The EOS super node will execute this malicious contract and trigger a security hole. The attacker then re-uses the super node to package the malicious contract into a new block, which in turn causes all full nodes in the network (alternate super node, exchange reload point, digital currency wallet server node, etc.) to be controlled remotely.
Can anyone confirm if EOS has a wallet server node?
And also does this even make sense?
> What's more, the attacker can turn a node in the EOS network into a member of a botnet, launch a cyber attack or become a free "miner" and dig up other digital currencies.
This seems weird. How do you dig up other currencies? This seems really weird like how is this even possible given the tech?
> Since the system of the node is completely controlled, the attacker can "do whatever it wants", such as stealing the key of the EOS super node, controlling the virtual currency transaction of the EOS network; acquiring other financial and privacy data in the EOS network participating node system, such as an exchange Digital currency, the user's key stored in the wallet, key user profiles, privacy data, and more.
User profiles and privacy data? Is anything ever going to be private on the blockchain? Didn't Larimer claim this would never be possible so why bother?
User profiles and privacy data???
Noah Ramirez
I guess "privacy data" is usually stuff like credit card info and your address ect. Is EOS going to be KYC compliant? Did they just leak this info?
Jacob Murphy
ETH going up boys!
Charles Hernandez
everything is going up.
Camden Howard
Holy shit you are technically retarded. All of this stuff is possible if you have a remote code execution exploit. Remote code execution exploit means an attacker can completely take over the machine remotely and make it do whatever it wants. It basically means you can write a virus onto the EOS blockchain that will literally spread through the blockchain and take over any computer running an EOS node that downloads the block. The only thing that may not be possible is stealing customer keys (if the node is from an exchange) because they may not be colocated with the node. They probably will be though.
If I had more time and more desire I would take a wack at writing one that takes over the hashing power of the nodes and uses it to perform a 51% attack against another crypto.
Logan Foster
>All of this stuff is possible if you have a remote code execution exploit.
Sure, its technically possible. I mean, anything is technically possible in this case.
Bentley Smith
buggy contracts != highest severity exploit in the entirety of software, that in the context of blockchain would have catastrophic consequences
Jason Edwards
>User profiles and privacy data? Is anything ever going to be private on the blockchain?
Apparently the bug is present both on eos nodes and wallets, so anyone running it (including exchanges) would be hackable.
It sucks they released the info now. Imagine the crash if someone exploited it after launch.
David Bennett
(You)
> buggy contracts != highest severity exploit in the entirety of software, that in the context of blockchain would have catastrophic consequences
Granted. This is how shit went bad with the DAO too right?
>Apparently the bug is present both on eos nodes and wallets, so anyone running it (including exchanges) would be hackable.
>It sucks they released the info now. Imagine the crash if someone exploited it after launch.
Well it seems news came out an hour ago talking about it. Talked about the bug and it was real. They fixed it last month apparently.
So it did exist. Yikes
Matthew Kelly
nah, DAO was still a buggy contract. The exploit used in the contract was re-entrancy, partly blamed by a poor inbuilt ETH function that isnt used any more but still wasnt a ETH platform vulnerability.
Michael Collins
Why would they expose it? Why wouldn’t they wait for mainnet and short + steal all EOS and become rich as fuck. They’re chinks after all.
Christopher Gonzalez
No they tried to fix it today and failed
"the fixing is still have problem on 32-bits process and not so prefect."
blogs.360.cn
Charles Davis
Its worse than that. You could launch a botnet attack against someone. You could steal exchange mastey keys/customer keys for various cryptos.
Thomas Anderson
Q passed away and it wasn't suicide as reported
RIP Q, truth will reveal itself in time
Blake Ortiz
Every one knew there were vulnerabilities, Vitamin told about this weeks ago. EOS is just a cash grab.