Why it matters - A hacker has stolen 2.09 million EOS coins after one of the 21 EOS Block Producers failed to update its blacklist.
What is the issue - EOS42 also known as EOS Go said in a community post that one of its users had their EOS account compromised by a hacker on February 22, 2019.
The big picture - Upon learning the hack, the user followed a normal security procedure that was hard-coded inside the EOS blockchain code to enable the blacklisting of malicious accounts.
“This scenario played out in the last 24hrs when a newly rotated top 21 BP failed to apply the blacklist. Unfortunately, one blacklisted account holding [2 million] EOS began to be emptied,” EOS42 said.
The EOS block producer who failed to update its blacklist was identified as games.eos, a EOS-based blockchain gaming platform, which recently entered the top 21 block producer ranking and was not running an up-to-date blacklist.
What actions were taken - After EOS42 made a community post in Telegram, the Huobi Global froze the accounts to which the hacker sent the stolen funds.
“On Feb 22 at 17:35 (GMT+8), the Huobi Security team monitored that #ECAF (EOS Core Arbitration Forum) blacklisted accounts had sudden flow of assets into Huobi accounts. These $EOS accounts have subsequently been frozen, including relevant assets related to these accounts,” Huobi Global tweeted.