360 discovered an epic blockchain vulnerability that can completely control virtual currency transactions

Recently, the Vulcan team of 360 company discovered a series of high-risk security vulnerabilities in the blockchain platform EOS. It has been verified that some of these vulnerabilities can remotely execute arbitrary code on EOS nodes, that is, all nodes running on EOS can be directly controlled and taken over through remote attacks.

In the early morning of the 29th, 360 immediately reported the vulnerability to EOS officials and assisted them in fixing the security risks. The person in charge of the EOS network said that the EOS network would not be officially launched until these problems were fixed.

Blockchain vulnerabilities that could cripple digital systems

Vulnerabilities in traditional software may be exploited to launch cyber attacks, resulting in data and privacy leaks and even impacts on real life. However, digital currency itself is a financial system, and security vulnerabilities in digital currency and blockchain networks often have more serious and direct impacts.

Due to the decentralized computing characteristics of blockchain networks, a security vulnerability in the implementation of a blockchain node may cause thousands of nodes to be attacked. Even a denial of service vulnerability that is considered relatively less harmful in the field of traditional software vulnerabilities may cause a storm attack that paralyzes the entire network in the blockchain network, causing a huge impact on the entire digital currency system.

EOS super node attack: virtual currency transactions are completely controlled

In the attack, the attacker will construct and publish a smart contract containing malicious code, and the EOS super node will execute the malicious contract and trigger the security vulnerability. The attacker will then use the super node to package the malicious contract into a new block, which will cause all full nodes in the network (alternative super nodes, exchange deposit and withdrawal nodes, digital currency wallet server nodes, etc.) to be remotely controlled.

Since the attacker has complete control over the node system, he can do whatever he wants, such as stealing the keys of EOS super nodes, controlling the virtual currency transactions of the EOS network, and obtaining other financial and privacy data in the EOS network participating node system, such as digital currencies in exchanges, user keys stored in wallets, key user information and privacy data, etc.

What's more, attackers can turn nodes in the EOS network into members of a botnet, launch network attacks, or become free "miners" to mine other digital currencies.

Blockchain network security risks need urgent attention

  EOS is a new blockchain platform known as "Blockchain 3.0". Its token market value is currently as high as 69 billion yuan, ranking fifth in the world in terms of market value.

In the blockchain network and digital currency system, there are many attack surfaces in nodes, wallets, mining pools, exchanges, smart contracts, etc. The 360 ​​security team has previously discovered and exposed multiple serious security vulnerabilities in digital currency nodes, wallets, mining pools and smart contracts.

The series of new security vulnerabilities discovered by the 360 ​​security team in the smart contract virtual machine of the EOS platform are unprecedented security risks. No security researchers have discovered such problems before. This type of security problem not only affects EOS, but may also affect other types of blockchain platforms and virtual currency applications.

360 said that it hopes that through the discovery and disclosure of this vulnerability, the blockchain industry and security peers will pay more attention and concern to the security of such issues, and jointly enhance the security of blockchain networks.