Hacker compromised EOS user account and stole 2.09 million EOS cryptocurrency coins

• A hacker has stolen 2.09 million EOS coins after one of the 21 EOS Block Producers failed to update its blacklist.
• The Huobi Global froze the accounts to which the hacker sent the stolen funds.

Why it matters - A hacker has stolen 2.09 million EOS coins after one of the 21 EOS Block Producers failed to update its blacklist.

What is the issue - EOS42 also known as EOS Go said in a community post that one of its users had their EOS account compromised by a hacker on February 22, 2019.

The big picture - Upon learning the hack, the user followed a normal security procedure that was hard-coded inside the EOS blockchain code to enable the blacklisting of malicious accounts.

• The security procedure notifies the top 21 Block Producers of the malicious account's EOS address.
• The top 21 block producers would then update a blacklist of banned EOS addresses that cryptocurrency exchanges would use to ban malicious accounts.
• This will freeze the hacked account and will prevent hackers from moving the stolen funds.
• However, the security procedure failed to prevent hackers from stealing funds as one of the 21 EOS Block Producers failed to update its blacklist.
• As a result, the hacker moved 2.09 million EOS coins from the hacked account to several accounts at various cryptocurrency exchanges.

“This scenario played out in the last 24hrs when a newly rotated top 21 BP failed to apply the blacklist. Unfortunately, one blacklisted account holding [2 million] EOS began to be emptied,” EOS42 said.

The EOS block producer who failed to update its blacklist was identified as games.eos, a EOS-based blockchain gaming platform, which recently entered the top 21 block producer ranking and was not running an up-to-date blacklist.

What actions were taken - After EOS42 made a community post in Telegram, the Huobi Global froze the accounts to which the hacker sent the stolen funds.

“On Feb 22 at 17:35 (GMT+8), the Huobi Security team monitored that #ECAF (EOS Core Arbitration Forum) blacklisted accounts had sudden flow of assets into Huobi accounts. These $EOS accounts have subsequently been frozen, including relevant assets related to these accounts,” Huobi Global tweeted.