Connect with us

EOS

Report: 75% of EOS Transactions Churned By Bots

Published

on

A damning report released by AnChain.AI has brought to the light the fact that over $6 million worth of transaction on the EOS platform is made by bots. AnChain.AI is a tech firm that provides the blockchain ecosystem with AI-powered security, and it said that the bot activity, which was both malicious and rampant run up those values in Q1 2019. The study is supposed to be the most immense of its kind done on malicious bots running on the EOS ecosystem.

In addition, the study also found out that at least 51 percent of all unique EOS accounts and 75 percent of all transactions as well were bot-driven. EOS is currently ranked as the 6th largest coin with a market cap of $6,587 million, changing hands at $6.32. However, the bot activity mentioned in the report threatens the integrity of such crypto market data.

It, for instance, affects the outcome of metrics such as transaction volumes, user activity and daily volumes. These metrics often play a crucial role when investors are gauging a coin’s technological validity.

EOS Market Data Is Manipulated

Consequently, if the data available has been manipulated through bot activity, it becomes impossible to get a clear picture of the future of the project. The AnChain study also examined transaction data from the top ten EOS dApps, which are gambling platforms. This group of dApps produce over 65 percent of all the transaction volumes on the EOS dApp sector. Using AI, AnChain could segregate hyperactive or repetitive accounts that were clearly malicious bots.

AnChain CEO, Victor Fang, hypothesized that these malicious bots had been programmed to congest the EOS system, increase its liquidity, boost its ranking, and reap dividend payouts on the dApp. He also suggested that perhaps the bots were on a targeted attack on the dApp.

He went on further to highlight a similar case where five Ethereum addresses used 50,000 malicious bots to get away with $4 million by exploiting a flaw in a gambling game.

A Chain of Unfortunate Events

EOS has been on the receiving end of particularly bad news recently, with the Dapp getting a downgraded rating by U.S based Weiss Ratings. The financial research firm said that EOS has a significant centralization problem in a report published on June 7.

The move is a rather drastic one because Weiss Ratings had just recently placed EOS besides BTC and XRP in its emerging trends report on crypto markets. At the time the firm had awarded EOS an A grade as Ethereum’s challenger and the “backbone of the new internet.”

Similarly, the blockchain platform developed by Dan Larimer has also been called out by a BitMex Research. The 17,000-word report further suggests that after thorough and extensive lab-based tests, EOS real-world applications are not any different from Ethereum’s.

Its lack of decentralization has been one of the glaring failures of the EOS platform. The BitMex Research report settles the matter, concluding that:

 “There is no proper protocol that is set up to prevent block producers from colluding to maintain their role as block producers. This further proves the high level of centralization that exists in the EOS network and the tremendous power these block producers possess.”

News Source

EOS

Understanding the exploit that made EOS.IO “unusable” for two hours

Published

on

On Sept. 13, an attacker flooded the EOSIO network to drain $110,000 in EOS from a gambling dApp. During the process, many user-facing applications were unusable due to congestion. Here’s how the hacker did it, in detail.

Basics of the network congestion exploit

Four days ago, an attacker pushed the EOS network into “high congestion mode” as part of a smart contract exploit. The maneuver temporarily made some free network resources unavailable, making many applications on the network “unusable” to smaller token holders for over two hours.

Although the network was still accessible (for example, a block explorer would still work), many were “prevented from publishing updates” or “doing anything actively on the chain” unless they paid for prohibitively costly network resources.

At the peak of network congestion, it required nearly 12 EOS to make a single feeless transaction on the network, said one community member. For context, Most blockchains attach a fee directly to transactions. EOSIO allows users to stake their tokens in exchange for network resources.

The attacker was able to rent a huge amount of network resources on a recently opened resource exchange. These resources were leveraged to select which valid transactions would get included on the blockchain to manipulate gambling dApp outcomes.

During this time, the maintainers of the gambling dApp did not have enough EOS on hand to take their contract offline (or take any preventative actions at all). This allowed the attacker to drain the smart contract for 30,000 EOS, at the cost of 300 EOS in rented network resources, at their leisure.

Identifying the attacker

Beginning Aug. 17, the user “mumachayinmm” started conducting tests against a variety of gambling dApps. After just under a month of testing, mumachayinmm rented the equivalent of 1.45 million EOS in network resources.

Previously, this would have required some $5.8 million in tokens. But REX, a new service launched in May, allows users to stake their EOS for security and voting purposes while selling the network resources their stake entitles them to. After REX, 1.45 million EOS in network resources cost just $1,200.

Resources on the attacker's account
Source: Bloks.io

On Sept. 13, mumachayinmm started flooding EOSIO with hundreds of thousands of transactions.

Spam transactions
Sample of some of the attacker’s spam transactions. Source: Bloks.io

Technical details behind the gambling dApp exploit

EOSPlay is a decentralized gambling dApp that offers games such as poker and dice. What made the service exploitable was how it generated random numbers for these games.

Instead of using a secure source of randomness, EOSPlay used the EOSIO blockchain as its source of entropy. Unfortunately, information on a blockchain can be manipulated.

As an example, on Bitcoin miners who find a block get to select which transactions are included at their discretion, so long as they’re legal transactions. Theoretically, if a dApp used transactions on Bitcoin to make calculations then large miners could game it.

On EOSIO, a similar way to manipulate the blockchain is to amass enough network resources to include whichever transactions are desired over all other users.

Specifically, what the attacker did was put deferred transactions into each block, said Dexaran, a respected smart contract developer. These blocks were the ones EOSPlay used to calculate random numbers.

By monopolizing network resources, the attacker could then calculate the random number before the contract could. If the number was a losing number, then the deferred transactions started an “infinite loop,” pushing random number generation to the next block, said Dexaran.

The maneuver allowed mumachayinmm to win on EOSPlay over and over again.

Illicit EOS winnings
Tens of thousands of EOS in illicit winnings. Source: Bloks.io

EOSPlay helpless during the attack

To make matters worse, the maintainers behind the gambling dApp did not stake enough EOS to cover their contract operation costs when EOSIO’s conservative mode was triggered. This was an oversight on the part of the maintainers.

With network resources monopolized the maintainers needed to have enough liquid EOS on hand to ensure a transaction to halt the contract would go through. It appears they didn’t have the tokens on hands, allowing the attacker to bide their time as the contract was drained.

These spam attacks aren’t unique to EOS. Networks such as Bitcoin and Ethereum are also vulnerable to spam attacks should a wealthy token holder wish to pay for them (though they are prohibitively expensive in most cases).

Block.one executives respond

Block.one CTO and creator of EOSIO Daniel Larimer took to Twitter to dispel the “FUD” around the network congestion attacks. He asserted the network was “working as intended”:

Yet, these assertions are in conflict with Larimer’s May 2018 comments while he was touting the “feeless” design of EOSIO:

“On EOSIO, no single user has the ability to saturate the entire network no matter how much money they’re willing to spend.”

Yet, that is exactly what happened during this exploit. The attacker saturated the network by spending a paltry $1,200.

Block.one CEO Brendan Blumer also took to social media to defend EOSIO. Though, he was rather vague on specific actions until pressed by a community member.

If a user stakes EOS they will always have access to network resources, he claims. But the amount will vary substantially, and when paying customers are using it all, it’ll be necessary to pay to maintain the same level of access, stated Blumer.

Issues raised

The recent exploit raises serious questions about the EOSIO blockchain. Jared Moore, an active community member asked: If the network is at risk of sudden spikes in resource cost, how much liquid EOS should developers have on hand to ensure they’re protected? Without guidance, dApp developers will continue to be vulnerable to these kinds of exploits, he argued.

Another issue is access. As EOS gains more usage it’s likely the network will eventually enter a state of constant “high congestion mode,” voiced another enthusiast.

This means developers and corporations, rather than small-time users, will dominate access to resources on the network—raising questions as to who the network is built for. These same corporations could also monopolize resources on the network, said Moore, in essence becoming gatekeepers.

On the bright side, such a scenario would make EOS like owning land, said another commentator, giving the token value through the network resources it entitles the owner to.

Dexaran, a security engineer and the creator of the ERC-223 token standard, made the following suggestion to mitigate future congestion attacks on dApps:

“It would be nice to calculate how much EOS you need to put into a ‘reserve’ account to make sure you have access to your contracts even during harsh congestion,” he commented.

Another community member voiced a need for better ways to calculate staked EOS needs under different network conditions:

“The key issue here is that the community has gotten used to the amount of free transactions they receive when the network is relatively unused. We need better estimates of how much EOS you need staked during different network conditions.”

He went on to describe problems with how staking is treated on the network.

“I also have a really big issue with the fact that EOSIO does not prioritize ‘staking’ transactions. When these conditions happen, folks attempting to stake more EOS should be allowed to (once per account) as a priority transaction. When I’ve paid for huge sums of EOS, it’s ridiculous when I get locked out and can’t allocate more to my account. I can’t ‘pay for more’ even if I wanted to.”

Designing a public blockchain is a complicated business. Things will go wrong. Right now, it’s very costly to build useful apps on any blockchain. Block.one executives should take the lead to make the development experience easier and less risky, paving the way for mass adoption, rather than maintaining hardliner positions that ‘nothing’s wrong.’

News Source

Continue Reading

EOS

EOS Price Analysis and Prediction for September 16th 2019 – Can EOS HODL $4 Support?

Published

on

It’s a great start to a new week for cryptocurrency markets. While there aren’t any big price changes, most markets are in the green today which is a great sign. EOS has finally reached the dreaded $4.0 support level. Let’s take a look at some relevant EOS news and see if anything caused that spike, we will also take a look at the charts and see what they have in store for us.

coinmarketcap
Source: Coinmarketcap

EOS News

The biggest news for EOS, and the main reason the price is exhibiting so much bullish momentum is due to the upcoming EOS version upgrade on September 23rd. As discussed in our previous EOS price prediction:

“THE BIGGEST DEAL ABOUT THE NEW EOS UPGRADE IS THAT IT WILL ALLOW DAPPS TO PAY USERS FOR THEIR CPU POWER.”

This new feature will give EOS a leg up on Ethereum and allow developers to create some truly revolutionary dApps. Ethereum is also gearing up for its ETH 2.0 upgrade on November so the two smart contract platforms are definitely going head to head.

In other not so positive news, NullTX reported how a hacker stole 30,000 EOS by exploiting a gambling dApp. The app in question is called EOSPlay and the hacker used the REX platform which allowed him to stake CPU power and in exchange “negate” other users’ transactions. An extremely clever technique that was going to be used to exploit an app by someone sooner or later.

EOS Price Analysis

eos price chart double top 9/16/19

Relative Strength Index: The RSI is currently at a healthy 43 points. It’s a bit low, but that’s expected given the recent slight price decline.

Bollinger Bands: The price is also leaning towards the low end of the band which most likely means it will stay at the current level for a few more hours at least.

Volume: The volume is surprisingly high at the time of writing. That’s most likely because it’s a start of a new week when market action usually picks up.

Double Top: With the EOS price dropping from a high of $4.15 to a current of $4.09, a double top pattern has formed. This pattern is extremely bearish, but the caveat here is that a double top usually signifies medium to long term trend change. Since we are looking at the 15 minute chart, we are dealing with short term trends. As such, there’s no reason to take the double top too seriously.

EOS Price Prediciton

Because we’re at the start of a new week, and with the EOS and Ethereum upgrades ahead of us, I’m going to predict that EOS will be able to hold the $4.0 support. Even though some news came out about the EOSPlay hack, 30,000 isn’t that significant and won’t have much of an impact on the market. On the other hand, with the new EOS version upgrade coming up in seven days, bullish momentum is in the works for the cryptocurrency.

On another note, it’s important to keep a good eye on Bitcoin’s price movements. As any big swings will have a similar effect on the rest of the crypto markets.

News Source

Continue Reading

EOS

EOS Price Analysis – Bulls are Taking Over the Market

Published

on

EOS price:$4
Key EOS resistance levels:$4.5, $5, $5.6
Key EOS support levels:$3.7, $3.2, $3

*Price at the time of writing

EOS Long Term Trend Price Prediction: Bullish

The mid-year bearish correction seems to be over for EOS EOS, 8.69% as the market shows a positive momentum after relying on the $3 key support since early this month. The latest price growth has currently brought the market to $4, making the EOS price to correct 33% gain over the past 7 days and 8.45% gain under 24-hours of trading.

As we can see on the daily chart, the price is attempting to breakthrough from the descending channel pattern, which has been carving since June. Following yesterday bullish engulfing pattern, we can expect a price push to $4.5, $5 and $5.6 on the upside.

On the other hand, we may as well witness a price pull to $3.7, $3.2 and $3 support if the sellers manage to regain control of the market. A drive below the important support at $3 might lead to a serious bearish action in the market.

EOS is looking bullish on the RSI after bolstering at the 30 level since mid-July. The price is now significantly shooting at the 70 level. The Stochastic RSI is revealing a bullish momentum but appears weak at the overbought zone.

EOS Medium Term Trend Price Prediction: Bullish

The past few days of price increase has made EOS to reach $4 and at the same time testing the channel’s upper boundary. The token may drop if the price action keeps respecting the four weeks channel pattern. However, we can expect the $3.7, $3.5 and $3.2 to provide supports for the market.

Currently, the EOS market has slightly broken above the channel’s upper boundary yesterday. If the break becomes significant, we may see a decent rise to $4.3, $4.6 and $4.9 resistance. But now, the market is yet to give a clear sign for a breakout.

As we can see, the RSI is lying on the overbought region, showing a little bullish weakness, although the buyers may regroup back if the RSI 50 can hold. The Stochastic RSI has reached an overbought area after revealing an ongoing buying pressure in the market. EOS may see a little price drop before rising back.

EOS Short Term Trend Price Prediction: Bullish

EOS is caught in a bullish trend on the hourly chart, although a sell is signaled on the technical indicators. If the RSI indicator follows the September 7 bearish divergence signal, the price may still rise a bit to $4.2 and $4.4 resistance before it clearly plays out on the price chart – whereby retracing to the rising trend line (yellow).

However, the Stochastic RSI will continue to oscillate within its limits, although currently in the oversold area. In case of a sudden price drop, the closest support to watch out for is $3.8 level. A drive below the yellow line may cause the price to slump heavily to $3.6, $3.4 and $3.2 on the downside. For now, the bulls are gaining control of the EOS market.

Add EOS to Watchlist


News Source

Continue Reading
Open

Close