EOS Accounts Blacklist Details

in #eos3 years ago (edited)

EOS Accounts Blacklist Details

by @controllinghand
by @andcjane
by @summerskin
Special thanks to @a3t from @eostribe (if it wasn't for her this group and report would not even exist)
(Members of EOS BP Compliance Data/Research Group)
If you like this type of information join our TG Channel for more details
Updated 7/1/2018

Let me start out by saying, our MOTTO is "Skeptical Truth Seekers"
Our agenda is fact-based evidence applied in seeking this truth. We are also human and make mistakes, so if anyone finds any errors in this data please bring it to our attention. We are always trying to improve and strive to seek the truth in all we do.

The end goal is to strengthen the EOS community and not tear it down. We invite you to join us in this journey.

What about this blacklist

There has been a lot talk around the accounts that were frozen or blacklisted. How many accounts were blacklisted? Was it seven, 27 or more? Many people in the EOS community are talking about helping out the people who were allegedly hacked. No matter what side of the argument you lean, it is important that we all understand the data in question. As the old adage goes, information is power.

We were provided a list from one of the BPs that is part of the top 21. Thanks to eos42freedom.

With that information, we were able to do a deeper investigation into the 34 accounts that were frozen. We used multiple sources/explorers including, https://eospark.com/MainNet , https://eosflare.io/ Then we compiled all our findings into a spreadsheet that is open to the public for review here

You will notice that we have grouped these 34 accounts into 15 events. Each event has its own story to tell.

  • Event 1: EOS were un-staked but no EOS left the account.
  • Event 2: EOS were un-staked and 13010 EOS were sent to a suspect account. However, the suspect account was also frozen.
  • Event 3: EOS were un-staked but no EOS left the account.
  • Event 4: Only 1 EOS was sent to a suspect account.
  • Event 5: This is a very controversial event. Originally only two EOS left this account and then it was frozen. However, on the 25th of June, one of the block producers failed to add the blacklist to the config file and processed block number #2618051, which resulted in 3570 EOS leaving this account.
  • Event 6: EOS were un-staked but no EOS left the account.
  • Event 7: EOS were un-staked but no EOS left the account.
  • Event 8: We call this the Spaghetti Event. 7020 EOS left the account which was divided and sent to multiple accounts eventually ending up going to exchanges. Feel free to walk through all of the transactions. Suffice it to say, the source account lost his/her tokens.
  • Event 9: We call this event the RAM Buyer. Whoever is eos111eos555 decided to take the 1024.6465 EOS and buy RAM.
  • Event 10: EOS were Un-staked but no EOS left the account.
  • Event 11: EOS were Un-staked but no EOS left the account.
  • Event 12: This is an odd event because the receiving account has not spent the 10 EOS and still holds over 8000 EOS. I'm not sure what to make of this event and is why it is highlighted in yellow.
  • Event 13: EOS were Un-staked but no EOS left the account.
  • Event 14: EOS were Un-staked but no EOS left the account.
  • Event 15: EOS were Un-staked but no EOS left the account.

Out of the 15 events, only 5 accounts lost EOS. There has been talk about what to do with this and we’re not here to say what needs to be done. We are just trying to provide data that we all can use together. The EOS community can and should decide what is best.

A walk through how we compiled this data.

Let's walk through Event 2.

Step 1

Lookup source account in this case "gq4demryhage"

Notice that 13,010 EOS was sent out on 2018-06-17 to q4dfv32fxfkx

Step 2 follow the trail

Lookup q4dfv32fxfkx

Notice that EOS was then sent to account ktl2qk5h4bor

Step 3 follow the trail some more

Notice the account frozen with no transactions since.

Next let me walk you through event 9 "The RAM buyer".

Step 1 look up source account

Notice on 6/21/2018 EOS was sent to eos111eos555

Step 2 look up suspect account and see what they did

Yep that's right they bought RAM with the stolen EOS.

Final thoughts

  1. EOS has built in a protection mechanism with the stake and un-stake capability. This has already saved more crypto that we can imagine.
  2. 96,335 EOS were saved.
  3. 11,628 EOS were lost.
  4. Not all 34 accounts were source accounts
  5. For those accounts that lost tokens and were sold off to exchanges. The exchanges should be able to backtrack the transactions and identify the suspect accounts. We can provide those transactions to the exchanges.

Please provide any feedback to this post. We look forward to the EOS community thoughts on this matter.

Your humble "skeptical truth seeker" servants


A huge thanks to https://steemit.com/@a3t who was the mastermind behind the formation of the EOS BP Compliance data/research group. Without her help and direction this report would have never seen the light of day.

And the @EOSTribe team has gone above an beyond to keep the EOS community strong by coming up with awesome idea like the Valor Genesis Fund. Please join in.

Please consider what they are doing for the EOS Community and vote.


Great work! Please keep it up. This level of investigation is super helpful in terms of demonstrating for bad actors how difficult it will be for them to accomplish their goals.

Agreed. If you track this a little further you can probably stop them on the exchange as well. However, I'm not sure how the exchanges would handle that? But it is possible to follow the TX into the exchanges and associate the account.

Big thanks to @a3t for bringing this entire group together for this report to even happen!

No mention of her at all in any of this, that's weird. :/

@a3t was the reason why this happen in the first place. I take full responsibility for not pointing this out in the article. I have a great deal of respect for Anna and did not mean in anyway to avoid giving her credit.

I have updated the article and added recognition. Thanks for pointing this out.

If you like this data, we invite you to read the latest Valor Genesis Fund update. This data was researched for the Valor Genesis Fund to better understand who the fund should raise donations for and how much we should raise. - https://steemit.com/eos/@eostribe/restoring-faith-in-eos-valor-genesis-fund-phase-one-update

This is true. @eostribe has been instrumental in coordinating positive actions to help the EOS Community. They created this Valor Genesis Fund and asked the EOS BP Compliance team as a 3rd party to document the facts related to the accounts that were hacked. Please consider joining in on the Valor Genesis Fund to keep the EOS community strong. https://steemit.com/eos/@eostribe/restoring-faith-in-eos-valor-genesis-fund-phase-one-update

It was all @a3t who brought this entire group together or none of this would have happened, let's not be vague.

100% true. https://steemit.com/@a3t saw a few individuals and built the team. She is the mastermind behind the EOS BP Compliance data/research formation. If it wasn't for her this would not have even happened. Many thanks goes to Anna.

Great article, @controllinghand! Solid, factual reporting on a controversial issue. Exactly what the community needs.

I also used http://eosnetworkmonitor.io/ to check the work. However, the copy and paste function on your site is sometimes tricky. But the data is snappy and accurate as far as I can tell. Please continue to develop great tools like this in the future. The EOS community much appreciates it more than you know.

Neat report! Only facts.

@eos42 in the house. Thanks for all your support you team rocks! if it wasn't for you providing the blacklist this report would have never happened.

Brave well done!
Skeptical truth seekers unite!

please feel free to join the group we need all the help we can get.

Wow! great post!

Thanks for the kind words.

I have to be honest: I don't understand any of these events. The 2 explanations just kind of restate the short description without adding any additional insight.
What's missing is this: what are the signs in each of these events that something malicious was happening? The fact that EOS moved isn't malicious, necessarily. The fact that someone bought RAM isn't inherently malicious?
What's indicates maliciousness?

Thanks for the honesty. I agreed with you. The real question should be how did these events even get on the list? This is something I do not have any insight into. I was provide the list from one of the 21 BPs so I assume there is something to this. I would need to be provided with more information from each individual that filed a claim. With that said, there have been some users that have claimed to be a part of this list and is looking to the community for help. Thus the Valor Genesis Fund.

Great article!.
Bitfinex is an exchange and a block producer. The block producer part worked with the procedure and the exchange helped route event 5 away?
We call that in Dutch a loose wire.

Great point! @eosamsterdam. I'm sure Bitfinex has millions of transactions every day so tracking this one down could be tricky. Still if we had a way to mark certain transactions as nefarious and alert the exchange to launch an investigation that could be a game changer in the crypto world. Imagine, every hacker would stay away from EOS because the Exchange could catch them faster than other crypto.

Ooooops! My case.

You have a minor grammatical mistake in the following sentence:

Each event has it's own story to tell.
It should be its own instead of it's own.