Welcome in 32th episode of CryptoSunday. Today we don’t have happy news for you.
Two EOS gambling websites hacked
The first attack happened on September 9th on the platform called DEOSGames. The user with a nickname runningsnail suspiciously won several times $1,000. Normally it would be called a winning streak, but 30 seconds after depositing 10 EOS, the user won a jackpot. The same situation happened many times which you can see on the user’s account overview.
We are back up and running with EOS game for last 6+ hours. Yesterday, we got a malicious contract exploit our contract. it is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!
— DEOSGames (@DEOS_Games) 10 września 2018
Reddit by EOSBetCasino. As you can read, the second hack attack on a gambling website occurred on September 14th. There was over 44,427 EOS stolen.
“Dear EOSBet Community,
On September 14th around 3:00AM UTC we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have.”
The hacker who stole EOS tokens found the “hole” in a code that allowed to bypass the esio.token->transfer function. That means that hacker’s funds weren’t deposited. Every time the thief lost, he didn’t have to pay. In case of winning, the hacker won the real funds which could be cashed out. Benefiting from the system’s flaw, the thief could gamble without any risk.
The company has explained themselves by saying:
“We take security very seriously at EOSBet. Our code was audited extensively by our development team and multiple independent 3rd parties.”
If you want to comment this article, visit our Blockchain24.co forum!
The blockchain24.co site shall not be held responsible for any consequences resulting from the use of data contained in the pages of the site.