2 million EOS were stolen because games.eos did not update the blacklist of hacked accounts. The EOS blockchain is designed so that all 21 block creators must confirm the list of hacked accounts before those accounts are added to the special blacklist. This time, the hacker's account was on the unconfirmed list, and the hacker managed to steal 2 million tokens.
Immediately after the theft was discovered, cybersecurity experts blocked the accounts holding the stolen cryptocurrency.
To address the vulnerability, experts suggested deleting the keys of accounts that should be blacklisted. Zeroing the keys would be more effective than adding the accounts to the blacklist.