In the rapidly evolving world of decentralized finance (DeFi), the security of digital assets remains a top concern for investors and developers. Against this backdrop, EOS has once again demonstrated its commitment to pioneering robust security solutions with the latest results from its cutting-edge cybersecurity portal and rapid incident response program, Recover+ (R+). Designed to protect EOS DeFi projects and their users, R+ recently marked an important milestone in its journey to ensure the integrity and security of the blockchain ecosystem.

Building on its success, R+ broke new ground by successfully intervening in an incident involving the EOS EVM, demonstrating extended capabilities beyond EOS Native, unprecedented in the industry. This extraordinary recovery action not only protected nearly 2 million EOS for its rightful owners, but also made R+ the first program of its kind to extend protections to the EOS EVM project.

From Breakthrough to Breakout: PayCash Property Recovery on EOS EVM

The EOS Recover+ (R+) team faced challenging security breaches that tested their capabilities and the limits of blockchain infrastructure. This saga began on May 6, 2023, when the R+ team detected a hacker attack against PayCash, a project running in the EOS ecosystem. We immediately began working to establish communication with the PayCash team, but before contact could be established, the situation escalated further as the hacker moved the stolen funds to the EOS EVM, an area where there were no mature tools or protocols to handle such incidents.

The situation was further complicated by the lack of an audit of PayCash, prompting months of collaboration between the R+ team, EOS EVM engineers, and the PayCash team to devise a viable recovery solution. This breakthrough was achieved shortly after the release of EOS EVM v0.5.2 in September, which introduced several key management operations tailored to critical security vulnerabilities.

In preparation for the recovery, on January 25, the R+ team presented their proposed solution on the Jungle testnet, sought input and support from key EOS engineers, including Denis Carrier of EOS Nation and Bohdan of CryptoLions, and initiated broader discussions with EOS block producers (BPs) to lay the groundwork for upcoming proposals.

On February 19, one day before the proposal was submitted, EOS BPs were briefed on the proposed technical solution to address the PayCash hack. This preemptive measure was intended to facilitate a thorough validation process, allowing BPs to ask questions and understand the complexity of the proposal.

On February 21, the R+ team submitted a multi-signature (MSIG) proposal to address the PayCash hack and was approved by 15 of the 21 block producers (BPs). However, this initial proposal failed to execute due to delayed transactions no longer being processed on the EOS mainnet, prompting an immediate and focused response from R+ project leader Francis and EOS engineers. They quickly discovered and resolved the issue, streamlining the approach for the second submission.

By February 22, after summarizing and adjusting, a revised plan was proposed. This time, it successfully overcame technical challenges and was approved by the eosio.evm@active license. These actions initiated the recovery of nearly 2 million EOS, which have been transferred to eos.recover from more than 6,000 hacker-controlled accounts. This is a truly landmark demonstration of the resilience of the EOS ecosystem and the new influence of the R+ program in protecting assets on the EOS EVM from sophisticated threats.

Dear Crypto Community,

On February 22, 2024, the Recover+ team successfully froze 2 million EOS of damaged funds on the EOS EVM and has entered the final recovery stage.

The PayCash team would like to express its deepest gratitude to the Recover+ team for their continued support and expertise in ensuring justice is restored. This not only highlights the effectiveness of the Recover+ program, but also demonstrates the reliability and advancement of the EOS ecosystem.

To show our appreciation and commitment to creating a safer blockchain environment, we have pledged to donate 5% of all recovered funds to further support and development of the Recover+ project. This gesture reflects our contribution to supporting ongoing efforts to strengthen security measures, protect the EOS community from possible threats, and the overall adoption of the EOS blockchain.

With sincere gratitude,

PayCash Development Team

This episode not only highlights the technical agility and collaborative spirit within the EOS community, but also marks an important milestone in the history of the blockchain. The successful recovery operation highlights the evolving capabilities of the EOS infrastructure to address complex security challenges, particularly within the EVM framework.

Next steps include continuing to work with the PayCash community and developing follow-up proposals to ensure that the recovered funds are returned to their rightful owners. This incident demonstrates the effectiveness of R+ and its critical role in protecting the EOS ecosystem from sophisticated threats, thereby enhancing the security and trustworthiness of blockchain technology.

PayCash incident TLDR;

  • May 6, 2023: The R+ team detected a security vulnerability targeting the PayCash project on EOS.

  • Post-Detection: When the hacker moved the funds to the EOS EVM (the space lacked tools to handle such incidents), we started reaching out to the PayCash team.

  • Next few months: The R+ team, EOS EVM engineers, and the PayCash team worked together to develop a recovery solution.

  • September: Released EOS EVM v0.5.2, addressing security vulnerabilities through administrative actions.

  • January 25: The proposed recovery solution was demonstrated on the Jungle testnet, attracting EOS engineers and EOS BPs for feedback.

  • February 19th: EOS BPs briefly presented the recovery proposal and had a long Q&A with the R+ team, facilitating a thorough verification process.

  • February 21: Initial proposal submitted and approved by 15/21 BP, but not executed due to delayed transaction.

  • February 22: Francis, R+ project lead, and EOS engineers identified a solution to the issue, resulting in a revised proposal that overcame the initial setback, received approval from eosio.evm@active authority, and successfully recovered nearly 2 million EOS from over 6,000 accounts to eos.recover.

“This action embodies a solid framework for future non-mainnet governance of EOS, specifically the EOS EVM and the anticipated BTCL2. While no system is perfect, we are committed to refining our systems on a case-by-case basis. By taking this approach, we move toward a future that is infinitely closer to the one we imagine, continually improving the EOS ecosystem to match our vision.”

—Francis Sangkuan, Recover+ Project Leader

How Recover+ improves DeFi user experience

Recover+, which currently represents 24 projects with over $34 million in TVL, is the cornerstone of EOS’s response to the ever-present threats in the decentralized finance (DeFi) space. This cybersecurity portal and rapid incident response program was conceived out of necessity to address the alarming frequency of security breaches, hacks, and scams plaguing DeFi projects. Its mission is simple yet important: to protect EOS DeFi projects and their users by taking swift action to recover stolen funds and mitigate potential losses.

At the core of R+’s value proposition is its profound impact on user experience in the Web3 space. By providing a strong layer of protection, R+ acts as a kind of immune system for the ecosystem, giving users confidence in their transactions and investments. The value of this safety net is invaluable, as it not only protects assets, but also fosters a sense of security and trust among project owners and participants, encouraging wider adoption and participation in DeFi applications.

Initially tailored for EOS Native, R+’s reach has expanded significantly with its integration with the EOS EVM. This strategic expansion marks a new phase of development, bringing its sophisticated incident response capabilities to Ethereum-based projects. This inclusivity reflects a broader vision for blockchain security that transcends individual ecosystems to provide a united front against digital threats. By bridging this gap, R+ not only enhances the security of EOS, but also enriches the broader blockchain community, setting a new benchmark for DeFi security.

The program's participation threshold is currently set at a minimum of $1 million, underscoring its commitment to protecting the significant investments within the ecosystem. Each event is evaluated on a case-by-case basis to ensure the program remains accessible and meets the diverse needs of the community. This flexibility reflects R+'s user-centric approach, which prioritizes protecting the assets of DeFi projects and stakeholders across the board.

Read more about Recover+’s impressive saga

Blockchain Guardian: An Indispensable Role for Recover+

The PayCash recovery operation orchestrated by the R+ team epitomizes R+’s cutting-edge and indispensable role in the EOS ecosystem. Through innovative solutions and collaborative efforts, R+ successfully addressed the complexity of a major security vulnerability and ultimately recovered nearly 2 million EOS. This operation not only demonstrates R+’s technical prowess, but also its important role in protecting the EOS community from complex threats.

Uniquely, R+ sets the EOS network apart from other blockchain ecosystems by providing unparalleled security and user protection. Its ability to address and correct security vulnerabilities, particularly in challenging areas of the EOS EVM, underscores EOS’s commitment to maintaining a secure and trustworthy environment for its users and developers.

This incident serves as a strong invitation for projects within the EOS ecosystem to work with R+. The program stands ready to provide protections and rapid response capabilities to ensure the EOS community remains resilient in the face of potential security challenges. By leveraging R+’s resources and expertise, projects can strengthen defenses, protect assets, and contribute to the overall security and integrity of the EOS ecosystem.

Building on EOS? Contact Recovery+ today to secure your future.

About EOS Network

The EOS network is a paradigm of the blockchain 3.0 era, powered by EOS VM. EOS VM is a low-latency, high-performance and scalable WebAssembly engine that enables near-invisible deterministic transaction execution. The EOS network is designed for Web3 and is committed to achieving the best Web3 user and developer experience. EOS is the flagship blockchain and financial center of the Antelope protocol, and through the EOS Network Foundation (ENF) as a tool for multi-chain collaboration and the development of public infrastructure products, it further improves the infrastructure and drives the rapid development of EOS.

EOS EVM

EOS EVM is a simulation of Ethereum EVM and resides in EOS smart contracts. EOS EVM will provide the same functionality as other EVMs in the field, but with unparalleled speed, performance, and compatibility advantages. EOS EVM connects the EOS ecosystem with the Ethereum ecosystem, allowing developers to deploy a large number of Solidity-based digital assets and innovative dApps on EOS. Developers can use EOS EVM to take advantage of Ethereum's battle-tested open source code, tools, libraries, and SDKs while taking advantage of EOS's superior performance.

About the EOS Network Foundation

The EOS Network Foundation (ENF) was created to create a prosperous, decentralized future for the EOS ecosystem. ENF is ushering in a new round of Web3 change by encouraging active participation from key stakeholders in the EOS ecosystem, supporting community projects, providing ecosystem funding, and supporting the construction of an open technology ecosystem. As the center of the EOS network and a leading open source platform, ENF was founded in 2021 and has a stable set of frameworks, tools, and blockchain deployment libraries. Together, we have achieved innovation in community building and are committed to creating a stronger future for all.