"The Dog Ate My Blacklist!"

in eos •  6 years ago  (edited)

Last Friday, ECAF released an Emergency Measure of Protection Order instructing block producers to cease processing transactions from twenty-seven various accounts in order to divert a possible theft in progress. Today, one particular block producer (eos.store) failed to update their blacklist file that was provided to each block producer in order to carry out the order. This careless action cost one of the twenty-seven account holders 3,570 EOS coins; the equivalent of $28,846 USD at the time of this writing. Finding today's news incredible, I decided to investigate. After posting information on a public form, as I discovered it, within minutes I was contacted by a representative from the eos.store block producer. The following is our conversation.

Screenshot (288).png

Essentially, The excuse given was "The Dog Ate My Homework". However, If we dig a little deeper we find out that his story simply doesn't gel:

Excuse #1: "I didn't receive the last blacklist."
Excuse #2: "I didn't attend the meeting."
Excuse #3: "I had something else to do."

While talking to him, I quickly received the impression he was a sole proprietor, or at least it seemed that way until I researched his company's website which revealed ten employees working for eos.store, most of them using only their first name.

Screenshot (287).png

My professional career has been in forensic accounting for the last twenty-seven years (pure coincidence). Five of those years have been spent investigating multiple cases involving Chinese reverse takeover merger fraud. On the surface, this situation has the potentiality of hitting a little too close to home, but I will refrain until I have completed my investigation at a later date. I will say, spending 27 years conducting investigations into securities fraud, I have the same feeling in my stomach today as I did in each of those cases.

Q: If you were unable to attend the meeting, what were the other nine employees listed on your website doing, and what prohibited them from attending?

As the evening rolled on, the blockchain representative joined an online conversation in which his story seemed to slightly change from just a few hours earlier.

Screenshot (289)_LI.jpg

Yes, he actually presented an excuse #4 which was completely different from the prior three excuses. Each excuse being much different than the previous one given. All this begs the question: is eos.store responsible enough to manage the security protocol of potentially billions and billions of dollars?

Article ii of the EOS Constitution states: "Member shall be liable for losses caused by false or misleading attestations and shall forfeit any profit gained thereby."

If ECAF is unable to impose article ii, I hope the EOS community collectively shows these gents, or at least just one gent, the door. Vote wisely.

EOSio Donations: cigarbutts11

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

What article II really says: "Don't scam." It doesn't apply in this situation.

It has been also made clear that all BPs have the right to decline what arbitrators propose for them. Arbitrator's ruling is only a proposal, not something that must be enforced. If a BP refuses to do what arbitrator is asking, the arbitrator can't do anything about it. But voters should vote accordingly, whether they agree with the refusal or not.

Another thing to remember is this, from Dan's latest blogpost: "EOS is designed to focus on restorative restitution rather than punitive retribution."

OK, so now somebody screwed up. The question is not "how we can punish him", but "what he can do to make things right again".

You're correct about article ii, but I'm not certain we agree on BP's having the "right" to decline an arbitrators' "order" (not a proposal).

S. 3.5 Rules for Dispute Resolution:

"The emergency Arbitrator has the AUTHORITY to order or award any interim measures that are deemed necessary. Any Member affected by such orders or interim awards SHALL UNDERTAKE TO COMPLY WITH THEM WITHOUT DELAY."

You may be correct but there's not enough evidence for me to draw a conclusion upon. As you pointed out, it's still a very early stage in the game.

Dan did recommend restorative restitution. Just this morning, he stated it was his personal belief eos.store should make the victim whole again. So far, eos.store agreed to do so upon the condition that they're forced to do so by the community, not out of their willingness for the sake of integrity. Often times when you find one cockroach, another isn't very far away.

So eos.io has given four separate excuses for why they didn't update the blacklist, stated they'd contact the man and make it right, issued a public statement that placed blame on ECAF, then stated they would only make it right with the victim if they are forced to do so.

Did you know that the majority of citizens living in Communist China are more prone to watching a crime being committed than to interject due to fear of being sued for harming the assailant? Fact.

INTEGRITY!!!

("Incompetence = Negligence")

If Simon did not attend probably someone else from that staff did, waiting on an answer to that from @eos.store

@: https://steemit.com/statement/@eos.store/statement-of-updating-the-blacklist-from-ecaf

The communication system of ECAF is not perfect for ECAF itself is at preliminary stage. The information of these frozen accounts did not appear in following channels: 1. Three Telegram channels: EOSIO Gov, EOS Validation(EMLG) and EOS BP Infrastructure.; 2. Github as the first blacklist did; 3. Zoom video meeting on June 21st. Only in Keybase and EOS 911 could you find this information. Plus current massive fake news, like a fake ECAF arbitration order these days, we did not updated the blacklist in time.

Was the blacklist mentioned on the 21th conference?, maybe they attend but it was not mentioned?, leaving to blame Github, or the Telegram channel, or lack of a proper communication system

https://decentwitter.com/

is getting work done and is looking better and better, why do not give it a good use and push some mayor news there, we have our own twitter, hello? :D

They recently (after this story was published) claim they had someone at the meeting. That says nothing in regards to why they still failed to update the blacklist and prevent a crime from occurring.

The ECAF is still in its infancy. That said, there is really no excuse to what happened here. This BP should be voted out by the community. If they want back in, they have to prove themselves.
In the meantime, the account holder that lost his EOS should be fully refunded by the BP that caused this.

@cigarbutts can you provide the list of 27 accounts in question here? or a link to an official document? I was told that it was only 7 accounts and that the 27 was FUD. Can you please confirm?

so 20 BPs were in discussion for 2 days and noone noticed someone was missing and didn't update?

In bitshares, if my pricefeed goes more than 2 hrs old, I start getting DMs from people.

Actually, two of them were missing. Thanks to the persistence of EOS New York, they finally were able to get in touch with genesis-mining, who's currently in the #16 position, and inform them to update their blacklist, which they had not done. So, there's two acts of irresponsibility from companies allowed to oversee your security, that took place.

WE have to dig deeper into (EOS STore / Genesis Mining ) Connection...

Oh, there is another thing that I urge you to research. If you go by the constitution and the spirit it was written in (as in, all people are essentially good, whatever that word means), the exchange that accepted those tokens is also liable for aiding in theft.

That was my reason for saying that freezing those accounts is unnecessary, just to inform everyone not to accept any transactions involving them, as that opens you personally to liability. That is not censorship from BPs, but self censure in the spirit of the constitution.

I'd also like to urge whoever was that whose account money were moved to go to arbitration against the exchange in question. Blockchain makes it trivial to see which exchange it was (and some exchanges are also Block Producers), so they should know better.

The problem with this idea, although good in spirit, is that China is a protectionist country and doesn't allow foreign entities to receive judgement against Chinese domiciled businesses. International law is not upheld in communist China. Unless the victim is Chinese, which I've been told he is Korean, he's out of luck.

That was my reason for saying that freezing those accounts is unnecessary, just to inform everyone not to accept any transactions involving them, as that opens you personally to liability. That is not censorship from BPs, but self censure in the spirit of the constitution.

good view, not sure if it require more effort, be less o more chaotic

what are the differences between an account that can not send any transactions and a frozen account?

Freeze of the account happens on BP level. That is, there is a command that makes eosio software reject any transactions from that account, but since there are 21 producing BPs that requires running on all of them with an updated list.
But for exchanges to selfcensor, at the start they just needed to send those tx back to that account to block it. Now that there are tools that allow you to create new accounts the situation becomes harder, but the blockchain is transparent so it is doable.

I'd think it is something that is more important than discussing the dress code for the participation in the conference calls.

SMH...

Looks like eos.store is still ranked 9th even after such a big mess up. This isn't right.

@cigarbutts, I gave you an upvote on your post! Please give me a follow and I will give you a follow in return and possible future votes!

Thank you in advance!

Congratulations @cigarbutts! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Congratulations @cigarbutts! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You made your First Vote

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

This is why the way $NEO goes about HAND selecting their validation nodes is far superior. $EOS coin holders vote and Block Producers can fail to get a spot on the validators list, etc etc. They are not hand-picked so who knows what you will get. While delegated Byzantine Fault Tolerance does have it's drawbacks, #NEO 3.0 will rock! soon the Neo Smart Economy will be looking at #EOS through its rearview mirror.

Congratulations @cigarbutts! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published your First Post
You made your First Comment
You got a First Vote

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

To support your work, I also upvoted your post!

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Oh gosh, what a terrible state of affairs. Is eos.store going to pay this token holder back for what they lost? Does eos.store publish its ownership? Legal entity name and proof of incorporation?

I am hoping the right thing will be done and an investigation takes place.

Congratulations @cigarbutts! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You got a First Reply

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!