This article was published on October 15, 2018

Hackers target EOS gambling dApp once again, $338K believed stolen

... which would mean over $500K has been stolen from EOSBet in just one month



Hackers are believed to have stolen hundreds of thousands of dollars worth of EOS cryptocurrency from blockchain-powered gambling dApp EOSBet again.

Thieves have exploited another vulnerability in the automated dice game, allegedly taking at least $338,000 from its operational wallets.

By injecting standard EOS accounts with malicious code, digital baddies appear to have tricked its smart contract into mistakenly crediting their accounts with large amounts of cryptocurrency.

Shown below are three transactions thought to be illegitimate. They detail one of the attackers' accounts (“ilovedice123”) siphoning 65,000 EOS ($338K) directly to a major cryptocurrency exchange.


The EOSBet team is yet to reveal the full extent of the damage, but a block producer did confirm developers have since patched the platform.

EOS wallets injected with code

Hackers added malicious code to their EOS wallets, causing a targeted account to instantly credit the attackers with cryptocurrency every time they sent transactions between themselves.

In this case, the code activated EOSBet’s “transfer” function, tricking it into matching every EOS sent with equal amounts from its operational wallets.

Here, we can see the dodgy transactions happening rapidly, draining a significant chunk of EOSBet’s holdings in less than a minute. Each transaction is thought to represent another 500 EOS gained by the thieves.
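To make the mechanism concrete, here is a toy C++ model added for illustration; it is not EOSBet's contract code. It assumes the flaw was a transfer handler that never checked whether the contract itself was the recipient of the transfer it was notified about, and the account names, amounts and function names are constructed.

```cpp
// Toy model of a contract reacting to token-transfer notifications.
// Account names and amounts are constructed; this is not EOSBet's code.
#include <cstdint>
#include <map>
#include <string>

struct Transfer { std::string from, to; int64_t amount; };

struct Casino {
    std::string self = "casino";              // hypothetical contract account
    int64_t received = 0;                     // tokens that really arrived
    std::map<std::string, int64_t> credited;  // what the handler believes arrived

    // Vulnerable: credits the sender for any transfer it is notified about.
    void on_transfer_vulnerable(const Transfer& t) { credited[t.from] += t.amount; }

    // Hardened: ignore notifications for transfers that do not pay this contract.
    void on_transfer_hardened(const Transfer& t) {
        if (t.to != self || t.from == self || t.amount <= 0) return;
        credited[t.from] += t.amount;
    }
};

// The token ledger moves funds, then notifies the contract. `forwarded` models
// a receiving account whose own code passes the notification on to the casino.
void deliver(Casino& c, const Transfer& t, bool forwarded, bool hardened) {
    if (t.to == c.self) c.received += t.amount;
    if (t.to != c.self && !forwarded) return;  // casino never hears about it
    if (hardened) c.on_transfer_hardened(t); else c.on_transfer_vulnerable(t);
}

// Tokens credited without ever having been received, after `rounds` transfers of
// 500 between two attacker-controlled accounts plus one honest 10-token deposit.
int64_t phantom_credit(bool hardened, int rounds) {
    Casino c;
    for (int i = 0; i < rounds; ++i)
        deliver(c, {"attacker.a", "attacker.b", 500}, true, hardened);
    deliver(c, {"player", "casino", 10}, false, hardened);
    int64_t total = 0;
    for (const auto& kv : c.credited) total += kv.second;
    return total - c.received;
}

int main() { return phantom_credit(true, 3) == 0 ? 0 : 1; }
```

The gap between what the handler credited and what the contract actually received is the figure to monitor: any non-zero value means the contract is paying out against funds it never held.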

Just a month ago, hackers stole $200,000 from EOSBet by exploiting a different security flaw in its smart contract. Only days earlier, its developers had declared their platform to be the safest of its kind.

Well, after that incident, EOSBet promised the code had been audited “extensively” by its development team and “multiple independent third parties.” They then pledged to “harden” their security measures.

Let’s see if a further $338,000 in losses inspires some more drastic changes.

