EOS’s Experimental Launch Might Be Putting Investor Money at Risk

Who do you trust with your private key?

That’s the question that may be on the minds of EOS token holders, who while incentivized to help the much-anticipated technology finally go live, haven’t yet done so. As EOS is set up to enable self-governance by its users, it’s these individuals and companies who have to make the first move, electing who they’d like to process transactions that occur on the network in an elaborate global vote.

But at the time of writing, they haven’t exactly done that. Rather, EOS’s blockchain is locked in a middle ground between “launched” and “live” that rests on the willingness of users to complete that process.

The issue is that, to vote, users have to prove they hold their tokens, a process that requires the use of their private keys, sensitive cryptographic strings that prove they own their funds, and if lost, would be gone forever. As such, it seems that while users are eager to take part, they are nervous that the tools that would enable them to vote might put their holdings at risk.

“The biggest ‘miss’ in EOS launch is the failure to understand that retail EOS investors will be reluctant to vote with their private keys on the line,” one EOS user wrote on Telegram.

As detailed by CoinDesk, the only voting software that has been subject to third-party security review is CLEOS, a command-line tool issued by the creators of EOS, Block.one. However, due to the degree of technical competency required to interact with the tool, many EOS token holders have been forced to opt for less trusted software.

Indeed, across community forums, distrust in third-party software created for EOS is matched only by the confusion faced by users engaging with the voting process.

While several pieces of software have been produced to address the issue, some are voicing concerns about the lack of third-party security auditing. Plus, there’s the risk of scams and attacks that can intercept even the most honest developer effort.

“Whenever something is too complicated for people, then bad actors appear which try to exploit those weaknesses,” Krzysztof Szumny, the lead developer of a voting tool called Tokenika, told CoinDesk.

That said, there’s some evidence that such concerns could be contributing to the slow-moving voting, which is, in turn, contributing to the sluggish start of the EOS experiment. At the time of writing, a mere 37.35 percent of the 150 million necessary votes to get the blockchain running have been cast.

As one EOS user on Telegram wrote:

“Pretty sure I’m not the only one who’s waiting until there’s 100 percent safety in terms of putting private keys into new wallets.”

Security spectrum

Backing up, it’s helpful to understand why private keys are needed to cast votes on EOS in the first place.

A private key is required with the use of any of the EOS voting software for two reasons – verifying the vote is legitimate and correlating that vote to a users’ holdings, which is used to determine the weight of a vote.

“Your private key is required to vote whether you are voting from a wallet, a command line tool or anywhere else. No one can bypass this requirement,” said Yudi Levi, CTO and co-founder of Bancor, a blockchain project whose large ICO wrapped in June 2017 and is vying for a block producer candidate spot.

Bancor has also developed a voting tool for the new blockchain called LiquidEOS.

Essentially, using a private key for the voting process equates to transaction signing – where the same type of signature required in order to send a standard crypto transaction is needed.

However, the question boils down to in what way the private key is exposed.

Speaking to CoinDesk, Alexandre Bourget, co-founder of block producer candidate and voting software provider EOS Canada, said the current voting tools are on a spectrum of security, from trustworthy to extremely high risk…

Read Full: EOS’s Experimental Launch Might Be Putting Investor Money at Risk