Security company: beware of sold EOS accounts being recovered through multi-signature proposals in EOS account trading

In the EOS account trading market, the known method of recovering a sold account is to use the account to initiate a delayed transaction that modifies the account's permissions before the account is sold. After the sale closes, the delayed transaction is triggered and the account's permissions are changed, which recovers the account.

According to intelligence from Redstone, a SlowMist Zone partner, there is now a new type of account recovery attack. Before the sale, the attacker uses the account to be sold to initiate a multi-signature proposal that changes its permissions, then approves the proposal with that account and another account the attacker controls. Because approving a proposal and executing it are separate actions, the attacker does not execute the proposal at this point. After the account is sold, the attacker uses any account to execute the proposal, which changes the permissions of the sold account and recovers it.

The SlowMist security team reminds you to be alert to such account recovery attacks in the EOS account trading market. Before trading for an account, first query whether there is a multi-signature proposal that changes the permissions of the account being traded. If such a proposal exists, you can decline the trade.
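
One way to run the check described above, as an added example that is not SlowMist's own tooling: it decodes a proposal's packed transaction and reports any `eosio::updateauth` or `eosio::deleteauth` action aimed at the account being traded. It assumes the hex comes from the `packed_transaction` field of a proposal row in the `eosio.msig` contract; the names `alice` and `bob` and the sample bytes are constructed for illustration.

```python
import struct
CHARMAP = ".12345abcdefghijklmnopqrstuvwxyz"
WATCHED = {"updateauth", "deleteauth"}  # both payloads start with (account, permission)

def name_to_str(v):  # EOSIO name: 12 chars of 5 bits from the top, then one 4-bit char
    idx = [(v >> (59 - 5 * i)) & 0x1F for i in range(12)] + [v & 0x0F]
    return "".join(CHARMAP[i] for i in idx).rstrip(".")

def varuint(buf, pos):
    val = shift = 0
    while True:
        val |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not buf[pos - 1] & 0x80:
            return val, pos

def read_actions(buf, pos):
    count, pos = varuint(buf, pos)
    actions = []
    for _ in range(count):
        code, act = struct.unpack_from("<QQ", buf, pos)
        nauth, pos = varuint(buf, pos + 16)
        dlen, pos = varuint(buf, pos + 16 * nauth)  # skip the permission_level list
        actions.append((name_to_str(code), name_to_str(act), buf[pos:pos + dlen]))
        pos += dlen
    return actions, pos

def permission_changes(packed_hex, account):
    buf = bytes.fromhex(packed_hex)
    _, pos = varuint(buf, 10)         # skip expiration + ref block, read max_net_usage_words
    _, pos = varuint(buf, pos + 1)    # skip max_cpu_usage_ms, read delay_sec
    _, pos = read_actions(buf, pos)   # context-free actions cannot change permissions
    actions, _ = read_actions(buf, pos)
    hits = []
    for code, act, data in actions:
        if code == "eosio" and act in WATCHED and len(data) >= 16:
            target, perm = (name_to_str(n) for n in struct.unpack_from("<QQ", data))
            if target == account:
                hits.append((act, perm))
    return hits

# Constructed sample: eosio::updateauth rewriting alice@owner to 1-of-1 bob@active.
SAMPLE = ("00" * 13 + "00" "01"  # zeroed header, 0 context-free actions, 1 action
    "0000000000ea3055" "0040cbdaa86c52d5" "01" "0000000000855c34" "0000000080ab26a7"  # eosio, updateauth, auth alice@owner
    "31" "0000000000855c34" "0000000080ab26a7" "0000000000000000"  # 49-byte data: account, permission, parent
    "01000000" "00" "01" "0000000000000e3d" "00000000a8ed3232" "0100" "00" "00")  # authority, then no extensions

if __name__ == "__main__":
    print(permission_changes(SAMPLE, "alice"))
```

A non-empty result for the account being traded is the condition under which the advice above says to decline the trade.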