In the rapidly evolving world of decentralized finance (DeFi), the security of digital assets remains a paramount concern for investors and developers alike. Amidst this backdrop, EOS has once again demonstrated its commitment to pioneering robust security solutions with the latest achievement of Recover+ (R+), a cutting-edge cybersecurity portal and rapid incident response program. Designed to safeguard EOS DeFi projects and their users, R+ has recently marked a significant milestone in its journey to ensure the integrity and safety of the blockchain ecosystem.

Building on a successful legacy, R+ has broken new ground by successfully intervening in an incident involving the EOS EVM, showcasing expanded capabilities beyond EOS Native, unprecedented in the industry. This remarkable recovery operation not only secured nearly 2 million EOS for its rightful owners but also establishes R+ as the first program of its kind to extend its protective measures to EOS EVM projects.

From Breach to Breakthrough: The PayCash Recovery on EOS EVM

The EOS Recover+ (R+) team confronted a challenging security breach that tested the limits of their capabilities and the blockchain’s infrastructure. The saga began on May 6, 2023, when the R+ team detected a hack targeting PayCash, a project operating within the EOS ecosystem. Efforts to establish communication with the PayCash team were immediately set into motion, but before contact was established the situation escalated as the hacker shifted the stolen funds to the EOS EVM, a domain where—at that time—no established tools or protocols existed to handle such incidents.

The absence of an audit for PayCash compounded the complexity of the situation, prompting months of collaboration between the R+ team, EOS EVM engineers, and the PayCash team to devise a viable recovery solution. The breakthrough came shortly after the release of EOS EVM v0.5.2 in September, which introduced several key administrative actions tailored to address critical security vulnerabilities.

In preparation for recovery, on January 25th, the R+ team showcased their proposed solution on the Jungle Testnet, seeking input and support from key EOS engineers including Denis Carrier of EOS Nation and Bohdan of CryptoLions, and initiating broader discussions with EOS Block Producers (BPs) to lay the groundwork for the forthcoming proposal.

On February 19th, a day prior to the proposal submission, EOS BPs were briefed on the proposed technical solution aimed at rectifying the PayCash hack. This preemptive measure was designed to facilitate a thorough verification process, allowing BPs to pose questions and understand the proposal’s intricacies.

On February 21st, the R+ team submitted a Multi-Signature (MSIG) proposal to address the PayCash hack, securing approval from 15 out of 21 Block Producers (BPs). However, this initial proposal failed to execute due to deferred transactions no longer being processed on EOS Mainnet, prompting an immediate and focused response from Francis, the R+ project lead, alongside EOS engineers. They quickly identified and addressed the issue, streamlining their approach for a second submission.

By February 22nd, with the insights gained and adjustments made, a revised proposal was put forward. This time, it successfully navigated the technical challenges and was endorsed by the eosio.evm@active permission. These actions initiated the recovery of nearly 2 million EOS that were transferred to eos.recover from the more than 6,000 hacker-controlled accounts. This was a truly monumental demonstration of the EOS ecosystem’s resilience and the newfound reach of the R+ program in securing assets on the EOS EVM against sophisticated threats.

On February 26th, PayCash published this open letter to the community:

Dear crypto community,

On Feb 22, 2024, the Recover+ team successfully froze 2 million EOS of compromised funds on EOS EVM and is already in the progress of a final recovery. 

The PayCash team expresses our deepest gratitude to the Recover+ team for their continued support and expertise in ensuring the restoration of justice. This not only highlights the effectiveness of the Recover+ initiative, but also shows how reliable and advanced the EOS ecosystem is. 

As a sign of our appreciation and commitment to creating a more secure blockchain environment, we commit to donate 5% of all recovered funds to further support and develop the Recover+ project. This gesture reflects our contribution to support ongoing efforts to strengthen security measures and protect the EOS community from possible threats, as well as the full popularization of the EOS blockchain. 

With sincere thanks, 

The PayCash Development Team

This episode not only underscores the technical agility and collaborative spirit within the EOS community but also marks a significant milestone in blockchain history. The successful recovery operation highlights the evolving capability of the EOS infrastructure to respond to complex security challenges, particularly within the EVM framework.

The next steps involve continued engagement with the PayCash community and the formulation of a subsequent proposal to ensure the repatriation of the recovered funds to their rightful owners. This incident serves as a testament to the efficacy of R+ and its critical role in safeguarding the EOS ecosystem against sophisticated threats, thereby enhancing the security and trustworthiness of blockchain technology.

The PayCash Recovery Operation: TL;DR

  • May 6, 2023: R+ team detects a security breach targeting the PayCash project on EOS.
  • Post-Detection: Efforts to contact the PayCash team begin as the hacker moves funds to EOS EVM, a domain lacking tools for such incidents.
  • Following Months: Collaborative efforts between the R+ team, EOS EVM engineers, and PayCash team to develop a recovery solution.
  • September: Introduction of EOS EVM v0.5.2, bringing administrative actions to address security vulnerabilities.
  • January 25: Proposed recovery solution showcased on the Jungle testnet, engaging EOS Engineers and EOS BPs for feedback.
  • February 19: EOS BPs briefed on the recovery proposal and engaged in lengthy Q&A with the R+ team, facilitating a thorough verification process.
  • February 21: Initial proposal submitted and approved by 15/21 BPs but failed to execute because deferred transactions are no longer processed on EOS Mainnet.
  • February 22: Francis, the R+ project lead, and EOS Engineers identify a resolution to the issue, leading to a revised proposal. This proposal, overcoming the initial setbacks, was endorsed by the eosio.evm@active permission and successfully recovered nearly 2 million EOS from over 6,000 accounts to eos.recover.

“This action exemplifies a solid framework for future non-mainnet governance across EOS, notably for EOS EVM and the anticipated BTCL2. Although no system is perfect, we are committed to refining ours case by case. By embracing this approach, we make strides towards a future infinitely closer to what we imagine, continuously improving the EOS ecosystem in alignment with our vision.”

—Francis Sangkuan, Project Lead, Recover+

How Recover+ Improves the User Experience of DeFi

Currently representing 24 projects with over $34m in TVL, Recover+ stands as a cornerstone in EOS’s arsenal against the ever-present threats in the decentralized finance (DeFi) landscape. This cybersecurity portal and rapid incident response program was conceived out of necessity, addressing the alarming frequency of security breaches, hacks, and scams plaguing DeFi projects. Its mission is straightforward yet critical: to safeguard EOS DeFi projects and their users by enabling swift action to recover stolen funds and mitigate potential losses.

At the heart of R+’s value proposition is its profound impact on the user experience within the Web3 space. By offering a robust layer of protection, R+ acts as a kind of immune system for the ecosystem, empowering users with confidence in their transactions and investments. This security net is invaluable, as it not only protects assets but also fosters a sense of safety and trust among project owners and participants, encouraging broader adoption and engagement with DeFi applications.

Originally tailored for EOS Native, R+’s reach has significantly expanded with its integration into EOS EVM. This strategic extension marks a new phase of evolution, bringing its sophisticated incident response capabilities to Ethereum-based projects. This inclusivity reflects a broader vision for blockchain security, one that transcends individual ecosystems to provide a unified front against digital threats. By bridging this gap, R+ not only enhances the security of EOS but also enriches the broader blockchain community, setting a new benchmark for what is achievable in DeFi security.

The program’s engagement threshold, currently set at a minimum of $1 million, underscores its commitment to protecting substantial investments within the ecosystem. Each incident is evaluated on a case-by-case basis, ensuring that the program remains accessible and responsive to the diverse needs of the community. Such flexibility is emblematic of R+’s user-centric approach, prioritizing the protection of assets across the spectrum of DeFi projects and stakeholders.

Guardians of the Blockchain: The Indispensable Role of Recover+

The PayCash recovery operation orchestrated by the R+ team epitomizes the cutting-edge and indispensable role of R+ within the EOS ecosystem. Through innovative solutions and collaborative efforts, R+ successfully navigated the complexities of a significant security breach, culminating in the recovery of nearly 2 million EOS. This operation not only demonstrates R+’s technical prowess but also its essential function in safeguarding the EOS community against sophisticated threats.

Distinctively, R+ sets the EOS Network apart from other blockchain ecosystems by offering unparalleled security and user protection. Its ability to address and rectify security breaches, especially in the challenging domain of EOS EVM, underscores EOS’s commitment to maintaining a secure and trustworthy environment for its users and developers.

This incident serves as a compelling invitation for projects within the EOS ecosystem to engage with R+. The program stands ready to offer its protective measures and rapid response capabilities, ensuring that the EOS community remains resilient in the face of potential security challenges. By leveraging R+’s resources and expertise, projects can fortify their defenses, safeguard their assets, and contribute to the overall security and integrity of the EOS ecosystem.

Building on EOS? Get in touch with Recover+ to secure your future today.

EOS Network

The EOS Network is a 3rd generation blockchain platform powered by the EOS VM, a low-latency, highly performant, and extensible WebAssembly engine for deterministic execution of near feeless transactions; purpose-built for enabling optimal Web3 user and developer experiences. EOS is the flagship blockchain and financial center of the Antelope framework, serving as the driving force behind multi-chain collaboration and public goods funding for tools and infrastructure through the EOS Network Foundation (ENF).


The EOS EVM is an emulation of the Ethereum EVM, housed within an EOS smart contract. It offers feature parity to other EVMs in the space but with unmatched speed, performance and compatibility. EOS EVM connects the EOS ecosystem to the Ethereum ecosystem by allowing developers to deploy a wide array of Solidity-based digital assets and innovative dApps on EOS. Developers can use EOS EVM to take advantage of Ethereum’s battle-tested open source code, tooling, libraries and SDKs, while leveraging the superior performance of EOS.

EOS Network Foundation

The EOS Network Foundation (ENF) was forged through a vision for a prosperous and decentralized future. Through our key stakeholder engagement, community programs, ecosystem funding, and support of an open technology ecosystem, the ENF is transforming Web3. Founded in 2021, the ENF is the hub for EOS Network, a leading open source platform with a suite of stable frameworks, tools, and libraries for blockchain deployments. Together, we are bringing innovations that our community builds and are committed to a stronger future for all.