EOS dApp Used Blockchain Backdoor To Remove Tokens From User’s Wallets Without Their Consent

EOS has recently been in the news following the revelation that an EOS decentralized application (dApp) could access users’ token wallets without their consent through the use of a backdoor technique. More specifically, this EOS dApp is called Trybe, and describes itself as a ”tokenized knowledge sharing network for the crypto and blockchain community”. Issues first arose when Trybe were set to distribute tokens to user accounts through a token airdrop.

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as ‘Blockchain 3.0,’ that allows developers to build decentralized applications over blockchain infrastructure, just like Ethereum. Discovered by Chinese security researchers at Qihoo 360—Yuki Chen of Vulcan team and Zhiniang Peng of Core security team—the vulnerability is a buffer out-of-bounds write issue which resides in the function used by nodes server to parse contracts.