![2018071114201065.jpg](https://cdn.steemitimages.com/DQmTeof3rPWSVx7s1hyL4JRwHQPCknejrB6oM8vMEMFykP8/2018071114201065.jpg)

Slow fog area partner Meitu blockchain laboratory technical intelligence said that the malicious EOS contract has the security risk of consuming user RAM.
They analysed and found that the risk of attack caused by such vulnerabilities might be quite large and, therefore, requires vigilance of major exchanges, wallets, token airdroppers, DApps and users to avoid losses, SlowMist mentioned in their website.

The Slow Fog Safety Team and the Meitu Blockchain Laboratory have decided to take the responsible disclosure process for such risks. However, the details are not directly disclosed. The relevant project parties need to email their team ( team@slowmist.com) to know the details in advance. Previously, slow fog security team also warned of EOS account security risk. The team mentioned that the EOS wallet developer strictly judges the node confirmation (at least 15 confirmation nodes) to inform the user that an account has been successfully created. If it not properly judged then a fake account attack may occur.

![eos_1.png](https://cdn.steemitimages.com/DQmPkDUNdC7D5J1cPAQg6MHNiurooqr14498Fcp157RMCWL/eos_1.png)

The attack can take place when a user uses an EOS wallet to register an account and the wallet prompts that the registration is successful, but the judgment is not strict, the account essence is not registered yet. User use the account to withdraw cash from a transaction. If any part of the process is malicious, it might cause the user to withdraw from an account that is not his own.

Also, recently, a blockchain security company, PeckShield recently analyzed the security of EOS accounts and found that some users were using a secret key to serious security risks. The found that the main cause of the problem is that the part of the secret key generation tool allows the users to use a weak mnemonic combination. And, the secret key that’s generated in this way is more prone to "rainbow" attacks. It can even lead to the theft of digital assets.

*Source: https://bcfocus.com/altcoin/malicious-eos-contract-has-security-risk-of-consuming-user-ram-meitu/19272/*

![DQmcnYcqzA9sSvosuAC8mrShuon8YefTzdzby9KARHgaaGG.jpeg](https://cdn.steemitimages.com/DQmUYsNxMhjjckhHHFV4n1JQsf7dYgwMasGW56t2CcAzPfs/DQmcnYcqzA9sSvosuAC8mrShuon8YefTzdzby9KARHgaaGG.jpeg)