A well-known Chinese internet security research firm Qihoo 360 has discovered a critical bug on EOS producer node that can be used by hackers to manage code on nodes remotely. After that, it has warned the EOS blockchain project about a series of epic vulnerabilities that were found out on the platform.
The official blog post on Qihoo 360’s website reads:
“This vulnerability could be leveraged to achieve remote code execution in the nodeos process, by uploading malicious contracts to the victim node and letting the node parse the malicious contract. In a real attack, the attacker may publish a malicious contract to the EOS main network”.
It is said that the private key of super nodes can be stolen by hackers and used for controlling content of newly created blocks. Moreover, attackers may have an opportunity to implement malicious contracts into new blocks and make them publicly available. As a result, it may happen that the entire network with all the nodes can appear under control of the attacker.
Subsequently, attackers may obtain the right of managing all nodes on the network, including those of cryptocurrency wallets and exchanges which will enable attackers receive full control of secret keys to cryptocurrency transactions.
Qihoo 360 has informed EOS lead developer Daniel Larimer about this alarming issues, nevertheless, there is still no official public comments on the situation from EOS.
The only publicly available response was posted by Larimer on Github:
“If any of these asserts trigger in release it shouldn’t pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere”.
At the moment, there is still no precise information whether the launch of EOS, that is planned to take place this weekend, will now happen on time or will be postponed due to the occurred challenges.
Bugs may sometimes appear and can be fixed just in a couple of hours but the type of bug that has been revealed in this very case is considered by some external experts too serious to be urgently fixed just in a couple of days before launch.
Meanwhile, Daniel Larimer appeared on Twitter asking for some more help in finding other possible bugs that may have negative impact on the platform’s security and effectiveness of the system.
Help us find critical bugs in #EOSIO before our 1.0 release. $10K for every unique bug that can cause a crash, privilege escalation, or non-deterministic behavior in smart contracts. Offer subject to change, ID required, validity decided at the sole discretion of Block One.
EOS coin is the world’s fifth largest cryptocurrency with a market cap of $10,6 bln. After the Qihoo 360 ’s report was published, we had an opportunity to observe declining trends in EOS prices. It lost approximately 11% and could be purchased for $10.93. Nevertheless, as it is informed by CoinMarketCap, at the press time the coin is traded at $11.99, which means that it is slowly recovering.
I’m a content writer and editor with extensive experience creating high-quality content across a range of industries. Currently, I serve as the Editor-in-Chief at Coinspeaker, where I lead content strategy, oversee editorial workflows, and ensure that every piece meets the highest standards. In this role, I collaborate closely with writers, researchers, and industry experts to deliver content that not only informs and educates but also sparks meaningful discussion around innovation.
Much of my work focuses on blockchain, cryptocurrencies, artificial intelligence, and software development, where I bring together editorial expertise, subject knowledge, and leadership experience to shape meaningful conversations about technology and its real-world impact. I’m particularly passionate about exploring how emerging technologies intersect with business, society, and everyday life. Whether I’m writing about decentralized finance, AI applications, or the latest in software development, my goal is always to make complex subjects accessible, relevant, and valuable to readers.
My academic background has played an important role in shaping my approach to content. I studied Intercultural Communications, PR, and Translation at Minsk State Linguistic University, and later pursued a Master’s degree in Economics and Management at the Belarusian State Economic University. The combination of linguistic, communication, and business training has given me the ability to translate complex technical and economic concepts into clear, engaging narratives for diverse audiences.
Over the years, my articles have been featured on a variety of platforms. In addition to contributing to company blogs—primarily for software development agencies—my work has appeared in well-regarded outlets such as SwissCognitive, HackerNoon, Tech Company News, and SmallBizClub, among others.
