As a result of the attack, the EOS network is in ‘congestion mode.’
It seems that the scale of the attack is much larger than we originally expected. — Dexaran (@Dexaran) September 13, 2019
These are attacker's accounts: https://t.co/wdeRVVHT4V https://t.co/euC2gEncj7 https://t.co/7mrpdRfGLi https://t.co/Wsl578HVPa https://t.co/I0aTR8OvbQ https://t.co/7ixE6VCoLf https://t.co/1QIOQDfDlw
Staked and Allocated EOS
The dynamics of the attack are difficult to explain to someone not familiar with EOS. Essentially, the attacker had some 900,000 EOS staked and allocated to CPU on EOSIO. The hacker proceeded to exploit EOS’s new ‘Resource Exchange’ (REX), which is a marketplace for the risk-free leasing of CPU and network resources. Using the staked EOS, the attacker was able to ‘congest’ the network, thus throttling transactions. As Dexaran (@Dexaran) explains:
The bottom line is that until there’s a fork or a patch, this exploit can easily be used by any EOSIO user who spends more than $1,000 on the Resource Exchange. So, the problem goes much deeper than just EOSPlay. In fact, this could affect a whole slew of dApps, likely without people noticing until it’s too late.
2/ Explanation: — Dexaran (@Dexaran) September 14, 2019
Probably the RNG of attacked gambling DApps could use some transactions or data from earlier blocks as a source of entropy.
It's easier to manipulate "previous blocks" when the network is congested and you are the only one having resources to send transactions.
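The entropy problem described in the tweet above, as an added example (not from the article, Dexaran, or any EOS dApp): a toy model comparing a roll derived only from previous-block data with one that also needs a committed secret seed. The dice formula, the block layout, the congestion model and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac

def block_digest(txs):
    """Hash a block modelled as an ordered list of transaction byte strings."""
    h = hashlib.sha256()
    for tx in txs:
        h.update(len(tx).to_bytes(4, "big") + tx)  # length prefix avoids ambiguity
    return h.digest()

def weak_roll(prev_block_txs):
    """Hypothetical dApp RNG: roll 0..99 from previous-block data only."""
    return int.from_bytes(block_digest(prev_block_txs), "big") % 100

def commit(house_seed):
    """Commitment the house publishes before bets are accepted."""
    return hashlib.sha256(house_seed).hexdigest()

def hardened_roll(prev_block_txs, house_seed, published_commit):
    """Roll that also depends on a seed revealed only after the block is final."""
    if not hmac.compare_digest(commit(house_seed), published_commit):
        raise ValueError("revealed seed does not match the commitment")
    mac = hmac.new(house_seed, block_digest(prev_block_txs), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % 100

def fill_block_as_sole_sender(bet_tx, target, max_tries=5000):
    """Congestion model: one account supplies every transaction in the block,
    so it can vary a filler memo until the public formula gives `target`."""
    for n in range(max_tries):
        txs = [bet_tx, b"filler:%d" % n]
        if weak_roll(txs) == target:
            return txs
    return None

def hit_rates(rounds=200, target=7):
    """Fraction of rounds landing on `target` under each scheme."""
    weak_hits = hard_hits = 0
    for r in range(rounds):
        seed = b"constructed-house-seed:%d" % r  # constructed, fresh per round
        published = commit(seed)                 # published before the bet
        txs = fill_block_as_sole_sender(b"bet:%d" % r, target)
        if txs is None:
            continue
        weak_hits += weak_roll(txs) == target
        hard_hits += hardened_roll(txs, seed, published) == target
    return weak_hits / rounds, hard_hits / rounds

if __name__ == "__main__":
    print(hit_rates())
```

In this model the block-only roll lands on the chosen number every round, while the committed-seed roll stays near the 1-in-100 base rate because the party filling the block cannot evaluate the formula before the seed is revealed.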
How Scalable?
EOS has had a hard time creating a dynamic marketplace for CPU and RAM on its network. As a result, it has struggled to position itself as the ‘scalable’ version of Ethereum, an idea which was often touted as a goal. Considering that Block.one has some $3 billion or so in its war chest from its year-long ICO, one has to wonder how much of that has been adequately put towards network security. Given recent controversies, it seems not much. Do you believe EOS can quickly patch this issue or does this underscore some fundamental problems with the network?