BOS WPS — BOS Antifraud Shield

Attic Lab

Published in

Attic Lab

3 min readMay 7, 2019

1 May 2019

Goals

The lack of diligence of ECAF and deliberation of 15 BP at EOS lead fraudsters who managed to steal money to exchange EOS for fiat/crypto and to withdraw money from EOS chain before the accounts have been added to the blacklist. And the last incidents have demonstrated us the failure of both the blacklist and ECAF. The AtticLab team studied that almost all Block Producers have signed the transaction that were in the blacklist. Everything due to human inattentiveness. One of those latest bright examples is a lost of 2 000 000 EOS. The frozen blacklist account gm3dcnqgenes was invalidated, resulting in 2.09 million EOS were transferred. The reason for this failure is that the newly entered BP of the 21 did not update the blacklist configuration on time, and the attacker caught the opportunity. Only part of such funds was locked, a big part of stolen funds there withdraw before BPs are

Our idea is to create an internal tool which attackers would have no access to. In order to counteract, it is obligatory to:

Act very quickly

2. Interact with the exchanges

3. Track the whole onchain transaction

Expected results

Online offchain system that:

Allows trustees: BCAF, BP, Police, exchange to add to the greylist accounts, after the suspicion of burglary or theft has been received.
After adding, the system automatically starts tracking all transfers from a
compromised account and adds the whole chain of related accounts to the greylist.
Before each exchange withdrawal, using the API request helps to check whether this account presented in the blacklist/ greylist or not. And if this account is suspicious — to transfer the withdrawal to manual mode.
BCAF carefully considers each issue, after which the account is either removed from the greylist or added to the blacklist