EIDOS mining attack analysis: hackers use EOS system account unlimited CPU function malicious mining

Starting at 2:53 am today, PeckShield security shield wind control platform DAppShield monitored the hacker to launch a continuous attack on the short account bidding system contract, using the system to return to the previous bidding operation to maliciously mine EIDOS, the attack is still ongoing. PeckShield security personnel analysis found that multiple hacking accounts lklk11111111, learneosgood, juyhgdf1234u, maymaymay111 use the EOS system short account bidding rules, bid for some unsold short accounts, start bidding from 0.0001 EOS, and then lower before the system account is returned The bid is made to transfer the notice to mine. Since the hacker initiates the auction, the transaction consumes less CPU, and the system account has unlimited CPU resources, so that the malicious account can infinitely "steal" the system's CPU for mining. PeckShield reminded that the EIDOS malicious mining attack has gradually migrated from DApp and the exchange to the EOS system contract, which will further aggravate the congestion of the EOS network. The majority of DApp developers and exchanges should pay attention to the changes in the account CPU market at all times to ensure The necessary operations can be performed.