EOS security: High-risk account alert, PeckShield warns of theft from ‘rainbow’ attacks
It is fair to say, EOS is going through a bad time. After repeated delays, the MainNet launch took place but the events that followed including freezing accounts cannot be counted as pleasant. To add to that, now a blockchain security company, PeckShield came up with another bad news for the users.
The blockchain security company recently analyzed the security of EOS accounts and found that some users were using a secret key to serious security risks. The found that the main cause of the problem is that the part of the secret key generation tool allows the users to use a weak mnemonic combination. And, the secret key that’s generated in this way is more prone to "rainbow" attacks. It can even lead to the theft of digital assets.
PeckShield wrote, “The essence of the risk is caused by an improper use of third-party EOS key-pair generation tools, including but not limited to EOSTEA. With user-provided seeds, these tools greatly facilitate users to generate their EOS key pairs.”
They also added a solution saying, “…if a simple seed is chosen (by the user) and allowed (by the tool), the generated keys might be exposed and exploited by launching the rainbow table attack (or dictionary attack).” They mentioned in their blog that in order to protect affected holders, PeckShield will be launching a public service known as EOSRescuer.
Solution to EOS security issue
The Blockchain security company plans to rescue the high-risk accounts -- vulnerable to rainbow attacks. They mentioned how they would do it -- they would first create a secure EOS account, next, make a makeshift arrangement so that they can transfer the EOS balances from vulnerable accounts to the secure one. After that is done, they will return the transferred balances back to original users in a transparent and verifiable way.
Other Related Articles
Join our Telegram group