June 14th, 2018 - Update on EOS911 EMERGENCY
"I believe that good people don't have to resort to bad things, just because bad people exist and I'm not going to rest until we figure out and solve those problems." - Dan Larimer
EOS42 would like to thank to those who dedicated their time into this community initiative: EOS RIO, Blockmatrix, EOSSW/eden, HKEOS, EOS Tribe and EOSDac, and Sandwich for engaging with the victims in the EOS911 telegram group, EOSYS, EOSNodeOne for helping with communication in the Korean community, EOS Cannon and IMEOS for helping with communication in the Chinese community. And Sam S. from ECAF for addressing questions about the arbitration process.
An open letter to all victims of phishing attacks:
For those who can prove the ownership of their ETH key and wish to have their EOS account to be frozen, please proceed to https://recovery.eos911.io to authorize EOS Block Producers to freeze the EOS account that is linked to your ETH key. For you to claim back the funds you have to submit your case (we're trying to figure out whether or not we can file all these disputes on behalf of the users) to ECAF (EOS Core Arbitration Forum) so that a ruling can be made.
If you’re reading this, there is a high possibility that you’re one of the victims. Phishing have been rampant during EOS token registration phase. These cases belong to the category of social engineering attack. This is also one of the most common attack vectors present in the blockchain space. For a phishing attack to happen, it needs a altered consensus among the parties, which means: for you to get phished, you must have agreed on an altered version of truth. They’re difficult to prevent because they exploit the human brain, examples include but not limited to: fake airdrop, asking for your private key, or in our case - fake key generator.
It’s important to know that firewalls and anti-virus software are not useful for this kind of attack. It’s only through education and empowerment of individual responsibilities we can prevent this from happening. We hope that you’ve learnt your lesson and not to fall for such trap again, we also hope that you can share your story with your friends and family, as we’re trying to help you today, you may be the one who will be helping victims of phishing attacks in the future.
Today’s blockchain space is still a wild west, and full of black swans. It’s for this reason EOS.io was born, with a grand vision to protect life, liberty, property and justice for all by utilizing blockchain technology, and this will be a never ending goal. Today, the community took on the challenge in combating with phishing attacks, just like how we will be peacefully combating with challenges we may encounter in the future.
EOS is envisioned to be a governed blockchain, a blockchain for humans. May we all have a world where life, liberty, property and justice of all are protected.
Things to consider:
Before you consider yourself as a victim please verify your EOS private key with different offline tools provided by the community just to make sure.
Victims will have 24 hours to signal the EOS Block Producers to freeze the EOS account that is linked to that ETH key via an Ethereum smart contract . Deadline is June 15 20:00 UTC
Please fill the google form if you made your claim via https://recovery.eos911.io and want to be contacted in the future. https://docs.google.com/forms/d/11N23ybhKrshuAcoUsOucfRG90F_-Snq4_5uXcc3mp70/edit
The site is hosted on Github pages and is complete open source (https://github.com/eos911/eos911.github.io).
For those of you who lost/forgot your private key, if you believe that your private key was never compromised, you don’t need to freeze your account. Nobody will be able to move your funds and you can always submit your case via ECAF and wait for a ruling.
What to expect?
The goal now is to freeze these funds so the attackers can't move them, the arbitration process is subject to change as we're still in a very early stage of EOS, those affected please stay updated with us.
- Even though mainnet is live, tokens are still staked for 3 more days.
The action of injecting a 0 balance transaction with a newly generated EOS keypair into the smart contract of https://recovery.eos911.io means the owner of that Ethereum address is signaling the Block Producers to freeze whatever EOS account that is previously related to that ETH public key.
After June 15, 20:00 UTC. A snapshot of the contract will be taken with all the accounts that are in dispute.
Those accounts will be frozen until an arbitration ruling is made by the ECAF (EOS Core Arbitration Forum)
Your funds will be returned to the EOS Public key that you put on https://recovery.eos911.io after your case is processed.
EOS42 is an EOS Block Producer Candidate based in London, UK