EOS has a centralized system for disputing and freezing accounts via the EOSIO Core Arbitration Forum (ECAF). The ECAF runs a blacklist of EOS accounts that contain supposedly stolen funds, and all 21 EOS block producers must simultaneously enforce the blacklist in order for it to be effective.

However, a rogue block producer named games.eos did not configure the blacklist, resulting in 2.09 million EOS worth $7.5 million being transferred out of the blacklisted account. The 2.09 million EOS apparently were spread to over 100 different EOS accounts quickly, making the situation unfixable for the ECAF. A video about this incident can be viewed below.


Essentially, if any of the 21 EOS block producers does not enforce the ECAF blacklist then all of the funds in the blacklist can be transferred out. Further, the EOS block producers change every minute, so if a new rogue block producer reaches the top 21 for even a minute, the entire blacklist can be compromised.

In this case, the rogue block producer games.eos was voted out of the top 21 soon after the 2.09 million EOS in the blacklist were moved.

A block producer named EOS42 has proposed to nullify the keys on blacklisted accounts via the eos.wrap function, so even if a blacklist failure like this occurs again, the blacklisted funds will not be transferable. This will give ECAF as much time as it wants to rule on a case.

Notably, ECAF and EOS block producers not only have the power to freeze an account with the blacklist, but they also have the power to transfer EOS from one account to another.

Is It Time to Get Rid of the ECAF Instead of Giving It More Power?

The idea behind the ECAF is noble. It is designed to resolve hacks and return funds to victims. However, the ECAF and coordination with EOS block producers have resulted in EOS lacking immutability and becoming centralized.

Centralization and lack of immutability contradict the original reason cryptocurrency was created, and a majority of the crypto space is against such centralization. The problem with centralization is it creates points of failure, unlike a purely decentralized system like Bitcoin (BTC) which has no centralized points of failure.

The problems with centralization is highlighted by this incident. Now that the ECAF blacklist has failed, EOS42 is proposing to increase the power of ECAF by immediately nullifying the keys of any accounts that end up on the blacklist. This is a dystopian situation since if this happens then the ECAF can literally take EOS away from any account, take as long as they want to decide what to do with the EOS, and then give the EOS to anyone they choose.

Although the incident of 2.09 million EOS escaping the blacklist is being branded as a failure, it actually represents decentralization and brings balance to the EOS network. If block producers decide that ECAF is doing something unjust in an arbitration case, then the block producers can decide to release an account from the blacklist. It appears that soon ECAF will have total power and the block producers will have no say.

It gets worse. The ECAF is actually paid anywhere from $20 to $27,000 for arbitrating cases. This can possibly cause the ECAF to be biased to help claimants that pay such large fees. If bias occurs, it opens up the door for cases where someone transferred EOS to someone else for money then going to the ECAF and freezing the rightfully transferred funds and ultimately getting them back.

That’s not to mention that anyone who is actually part of the ECAF could probably abuse their power at the ECAF to threaten and steal from others. The fact of the matter is there is zero regulatory oversight for the ECAF, and no real guarantee that it will act honestly.

Ultimately, the reason Satoshi Nakamoto created Bitcoin (BTC) in a decentralized way is that any form of centralization can spiral out of control and compromise a financial network. Once power is centralized into the hands of certain people, it causes numerous complications from greed and mistakes.

The goal of the ECAF is honorable and its methods would work in an ideal world. However, instead of giving ECAF more power after this incident, perhaps it would be best to do away with the ECAF at this point and leave it up to each individual user to secure their EOS.