Recover+ (R+) is a cyber security portal funded by the EOS Network Foundation. It provides the EOS community members with information on EOS projects and historical hacking incidents.The portal also provides users with hacking incident solutions and some necessary toolkits to help recover assets. The DPoS governance system is the important feature on EOS that actually offers a solid solution to recover stolen funds at times of major hacking incidents. Before the advent of R+, the system successfully resolved two major EOS asset stolens. R+ makes all EOS members theoretically have a chance to get access to such a tool. But in the real world cases, we strongly suggest only victims of major hacking incidents seek to use such a tool. Incidents like phishing attacks or losing private keys, individual scams, are unlikely to be covered under the current R+ framework.

Q: Instead of a project owner, I‘m an individual user who lost funds (or keys), what can I do?
A: Eosrecover.com is predominantly for hacked smart contracts. Individual users that have been victims of hacks are well-advised to reach out to the EOS Support team, where they can talk to a trusted expert and avoid further damage.

Q: I‘m an average user, what should I do with R+?
A: Malicious hacking attacks could happen to any person and project. Learning the basic fund recovery framework and specific features of the EOS network is always beneficial. And optimizing the R+ platform is a long-term and ongoing effort. EOS members are welcome to participate in this process by offering advice and opinions for specific functions, adding/editing project information, or ringing the alarm when encountering an attack. Join our Discord and Telegram channels for further discussions.

Q: I’m a project developer on EOS. How is R+ useful to me?
A: We suggest that all project developers should be familiar with the information and best practices provided on this platform, so they are prepared and can react quickly in an emergency situation. When a hack happens, at least they should already know where to find the right tools and who are the best contacts to talk to. Projects that register and get listed on the R+ platform can minimize the time consumption for the community to identify a hacking attack and therefore increase the chances of fund recovery. Join our Discord and Telegram channels to have a better connection with the community, a good public presence can be a key to overcoming many hack-related complications.

Q: I‘m a project developer and I just got hacked. What should I do?
A: First, try to suspend all related functions to stop further damage. Second, contact a professional security team to analyze the attack and attempt to track the hacker. Contact bridges and centralized exchanges and provide them with hacker information to stop the escape of the stolen funds. Third, submit an incident on R+ portal and provide the information related to the hack. Initiate an emergency freeze proposal to restrict target hacker accounts using the R+ tool box, and contact the BPs and recover the funds through the EOS DPoS governance framework. Fourth, monitor the hacker accounts and wait for transactions that contain messages from the hackers (messages delivered in memo, etc.) . Fifth, release a public announcement to clarify the situation and warn the users to avoid secondary damage (such as interacting with hacked smart contracts or Telegram scammers).

Q: I‘m an EOS block producer. How can our team support Recover+?
A: R+ collects, verifies and displays important information about EOS projects for community members, especially the block producers (BPs). As the representatives of the EOS DPoS governance framework, BPs are invited to create profiles on the R+ portal to express the political views on hack-related topics and also what kind of information they require from projects that got hacked when a hacking actually happens. DPoS governance perspective:

Q: I’m a whitehat hacker and I found vulnerabilities in an EOS project. How should I do?
A: The bug bounty section is still under development. Please contact us by email for more detailed information.

Q: What does DPoS governance mean when facing a hacking incident?
A: The DPoS mechanism on EOS means 21 voted/elected block producers, representing the entire network, are authorized to handle specific cyber security crises under a public governance framework in order to protect the intentions of the network. In reality, 15/21 BP approvals are essential to execute any proposals to limit hackers’ actions. For a centralized network, one person could make many important decisions, but on EOS each BP has their own considerations and standards before having any moves, convincing 15+ BPs to participate in a DPoS governance is extremely difficult. A key function of R+ platform is to create a bridge between hack victims and BPs. R+ provides necessary toolboxes and networking to the victims and provides comprehensive project and hacker information to BPs, easing the connection barrier and the decision-making process.

Q: What is the R+ security committee?
A: Although R+ has lowered the threshold for initiating a hacker account freezing proposal, the most difficult part in the process of recovering stolen assets through the EOS governance framework is actually how to complete the analysis and verification of related attacks, and how to organize various information and pass it to the block producers to prove that this governance proposal is urgent and necessary, and also ensure that this governance process will not cause secondary damage (such as potential injury to innocent accounts in the process of freezing hacker accounts). Recovering stolen assets is extremely difficult, and individual projects often struggle to obtain sufficient resources to complete all the prerequisites. The R+ security Committee was established in the hope of providing all kinds of emergency assistance to victims in the incident of an incident. Ideally, the committee will be composed of members of the EOS Network Foundation, major EOS projects and professional security teams. The committee will provide professional advice to community members, especially during hacking incidents. Many key development decisions for the R+ platform will also be made by this committee. Members: