Cryptocurrency startup founder NEO Zhang Eric made a comment concerning previously published reports of the presence of vulnerabilities in the project Protocol that allows attackers to steal user tokens via remote procedure call.
Zhang argues that the vulnerability does not threaten “ordinary users”, so as to operate the RPC function needs to be activated in the client NEO-CLI “which these users excluded”.
View image on Twitter
NEO Smart Economy@NEO_Blockchain
Erik Zhang @neoerikzhang, founder and core developer of #NEO, denied the risk of token theft remote for normal users and explained the reasons from the technical point of view. See report below
He also draws attention to the fact that RPC is activated by default, but only under certain conditions and via command line. The same applies to the options “BindAddress”, which defaults to the value “127.0.0.1”.
“If a user tries to change the configuration manually, the probability of occurrence of related risks may be excluded”, — says the publication.
As a result, users who decide to change the configuration manually, Zhang can not guarantee anything. In mid-June, Chinese anti-virus software developer Qihoo 360 announced that the wrong configuration of certain applications and farms in Ethereum has led to the fact that their users have lost more than $20 million at the exchange rate at the time.
At the end of last week, NEO announced the opening of its competence Centre in Saint-Petersburg and start development of a distributed file storage.