Hacker Steals 30,000 EOS by Exploiting a Gambling dApp

2019-9-15 01:59

Any cryptocurrency network and its underpinning code are subject to malicious intervention. This is especially true when it comes to smart contracts. Numerous projects offer this functionality, which exposes all of them to potential hacks and theft. For one EOS-based gambling dApp, a recent exploit cost them over 30,000 EOS in the process. It is not unlikely such an attack will be repeated in the future. 

A bad day for EOSPlay

Most people are well aware how EOS is primarily used to build gambling dApps. That is a rather logical development, as the cryptocurrency community often flocks to gambling services, for some unknown reason. As of right now, the top EOS dApps mainly provide gambling services, which attracts a lot of users. Among those users, not everyone has legitimate intentions either. 

For the EOSPlay team, a very problematic scenario has arisen. Not only has its smart contract code been exploited by a hacker, but they also lost over 30,000 EOS in the process. It appears the hacker was able to manipulate the smart contract in such a manner all of the bets placed would result in a profit. How or why something like that is possible in 2019, raises plenty of questions, for obvious reasons. 

How was it Exploited?

The EOS ecosystem is quite intriguing in its own regard. Many different services and technologies are at play at any given moment. Not too long ago, users received the ability to rent and lease CPU and NET through the REX resource exchange. Although this is a welcome addition to the ecosystem,  it was seemingly a matter of time until someone would sue for nefarious purposes. That day has now come, and the consequences should not be ignored.

What attacker did:

1. Rented a huge amount of CPU and NET at #EOSREX resource exchange.

2. Staked CPU&NET for (1) himself and (2) attacked contract.

3. Congested the network.

4. Initiated some transactions to the attacked contract. Won a lot of $EOS in gambling DApps.

— Dexaran (@Dexaran) September 14, 2019

The attacker staked CPU and NET for his own purposes, and attacked the EOSPlay smart contract. This allowed him to negate other users’ transactions, up to a certain degree. After a while, the EOS network becomes slightly congested, which let the attack initiate certain contracts to the gambling dApp in question. The winning conditions were manipulated, and over 30,000 changed hands in very quick succession. Even the developers could not halt this attack while it was in progress due to congestion.

An Inherent Flaw?

Issues like these only highlight the core weaknesses of the different cryptocurrency ecosystems. It is not an issue native to EOS, although the method through which it was exploited certainly is. Smart contract-oriented attacks have been in place on Ethereum for some time as well. In most cases, hackers successfully claim some funds in the process, which will only encourage more criminals to try their hand at this method in the future. 

The bigger question is how the EOS community will respond to this new turn of events. The credibility of the project is far from an all-time high, primarily due to the high degree of perceived centralization. Additionally, the public figure of EOS – Dan Larimar – has made some remarks regarding Bitcoin and Ethereum which weren’t appreciated. Plenty of users wish ill-will upon EOS because of its public face being a persona non grata in the crypto world. A very troublesome situation indeed, albeit one that needs to be rectified as soon as possible. 

Image(s): Shutterstock.com

The post Hacker Steals 30,000 EOS by Exploiting a Gambling dApp appeared first on NullTX.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

EOS (EOS) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0.9581
Капитализация $0 Rank 99999
Цена в час новости $ 3.262 (-100%)

eos gambling dapp hacker steals exploiting one

eos gambling → Результатов: 40


Dan Larimer On 30k EOS Hack, “No Different Than High Fee Transaction Spam On BTC Or ETH”

An exploitation of EOSIO allowed an attacker to gain 30,000 EOS worth over $110k by winning every roll on the gambling decentralized app (DApp) EOSPlay. The attacker used REX, the Resource Exchange is a bucket that collects all the EOSIO resource fees including RAM sales and name auctions, to have the blocks filled with transactions […]

2019-9-15 17:52


Фото:

DApp To The Future: EOS Rockets As Usage Lifts Off

Today’s rally was short-lived, but  EOS is holding steady as the fifth biggest cryptocurrency by market capitalization. Over the past month, the coin’s value has grown by 25%.   EOS Leads the dApp Race One catalyst for EOS’ rise could be its dominant position as a platform for decentralized applications, with gambling fueling much of […] The post DApp To The Future: EOS Rockets As Usage Lifts Off appeared first on Crypto Briefing.

2019-1-15 22:31