LONDON (Bywire News) - One of the problems confronting the cryptocurrency and blockchain sectors is the number of attacks levied against smart contracts. These, along with unintentional errors in smart contracts, put millions of dollars at risk. Attacks are growing by the year and catching the culprits can be difficult.
Unfortunately, as we all know, when something like this happens it can be difficult to recover stolen funds. Projects often go without insurance or compensation plans for the victims.
The structure of blockchains also lends itself to attacks of this kind. Criminals know all too well that it is impossible to turn off a blockchain or rollback transactions because these procedures affect the blockchain itself leading to a fork. This happened with ‘The DAO’ attack against Ethereum which led to the theft of $50 million worth of Ether. The incident prompted the Ethereum blockchain to split into two – one with an altered history, Ethereum, and another with an unaltered history Ethereum Classic (ETC).
However, not all blockchains have this disadvantage. Some have actually provided a management system for this type of eventuality and can operate on individual accounts or addresses rather than on the entire blockchain itself.
This method of operating and blocking an account has already been operated on the EOS blockchain. More than once, this approach has made it possible to recover the funds stolen by criminals and return them to their legitimate owners and prevent the criminal from using the account used for the 'attack.
However, EOS is second only to Ethereum in terms of attacks, with 119 against Ethereum’s 149. The network believed the time had come to give a strong signal to both criminals and the community that cybercrime was going to be tackled, which leads us to the arrival of the Recover + Working group on EOS.
The introduction of Recover +
Driven by the EOS Network Foundation, Recover + is tasked with condensing the strategies and procedures to be adopted in case of attack. Various projects and dApps can register on the recently set up EOS Recover portal and benefit from a dedicated team who can help in the event of an attack.
Countering such threats can be complicated. No single attack is identical. Each one will need to be studied to understand the problem as it emerges and strategies will need to be adopted in the event of an attack. The goal will always be the same – to stop the smart contract, limit losses, and contact various exchanges to report the criminal account, among other strategies.
The group also invites Block Producers (BPs) to join the project. Thanks to their collaboration, they can make quick decisions and block the accounts of criminals before they can escape with the loot. The ability to work with BPs, block accounts, and recover funds is something other blockchains can’t do without fundamentally affecting the blockchain. This is a major advantage of EOS as it is obviously easier to block an account that does not stop the blockchain and cause harm to all users.
This working group aims to protect the greatest number of victims that can occur through interaction with the various smart contracts. As a consequence, though, lesser attacks such as phishing or the theft of private keys, are not taken into consideration. Anyone affected by these attacks will also have EOS Support to lean on for assistance when needed.
In addition to the protection of smart contracts, the working group also has a section dedicated to white hats, i.e. those people who have discovered vulnerabilities in the codes but prefer to obtain a reward for not spreading the problem. By engaging with them, it will be possible to work out a solution before an unpleasant event.
This actually allows for a safer system because, with each type of vulnerability that is discovered and solved, the smart contract becomes less likely to be compromised, creating a safer ecosystem over time.
(Writing by Alfredo de Candia, Writing by Tom Cropper, Editing by Cléo Celeste)