The EOS network has just started producing its blocks, but one well-known researcher of blockchain already warns that EOS vulnerabilities not yet discovered in the code will become the cause of a "massive exchange hack" in the near future.
Cornell Univesity Professor Emin Gün Sirer, along with the rest of the cryptocurrency community members, who contemplated the first days of the EOS network, predicted large-scale security problems caused by inmature EOS code.
I'm calling it: there will be a massive exchange hack within the next year, taking advantage of an EOS vulnerability. That exchange will lose its hot wallet.— Emin Gün Sirer (@el33th4xor) 18 июня 2018 г.
Hackers will send the proceeds to downstream exchanges, where they will trade into other coins.
Sirer clarified that he did not discover actually any bug in the EOS code, but he simply assumed that there is a high risk of a successful attack on the cryptocurrency network, given how developers "handle safety critical bugs".
On the weekend, the EOS blockchain stopped producing blocks for several hours due to a vulnerability, while Block.one developers tried to find a solution of the problem, which appeared less than 48 hours after the network had been launched. The bug was quickly fixed, but Sirer criticized the developers for not providing enough clarity about this and other incidents.
"You can't incrementally patch your way to correctness. Testnets help find bugs but lack of bugs in testnet doesn't provide any assurance of correctness," he added. "In the same vein, you can't start out with some bricks, beams and cables over a body of water, patch the holes where cars fall into the ocean, and end up with a load-bearing bridge."
Sirer reminded users that they should not store their cryptocurrency assets on cryptocurrency exchanges, because if his prediction comes true, all traders of the hacked exchange, and not just EOS holders, can suffer. He also advised users to require developers to be more transparent when they publish messages about fixing vulnerabilities.
"Ask that development teams provide careful post mortems after bugs, describing not only the patch to fix them, but the changes made to address whatever gave rise to the bug in the first place," he added.