CryptoSunday vol.32


Welcome to the 32nd episode of CryptoSunday. Today we don’t have happy news for you. We will cover two hacker attacks that took place in recent days on gambling websites.

Two EOS gambling websites hacked

The first attack happened on September 9th on a platform called DEOSGames. A user with the nickname runningsnail suspiciously won $1,000 several times. Normally that would be called a winning streak, but the user won a jackpot 30 seconds after depositing 10 EOS. The same thing happened many times, as you can see on the user’s account overview.

Soon after, DEOSGames confirmed that its smart contract had been hacked.

While the first attack was not that costly, the second one was definitely bigger. The cryptocurrency community learned about the problem from the official statement published on Reddit by EOSBetCasino. As you can read, the second attack on a gambling website occurred on September 14th. Over 44,427 EOS was stolen.

“Dear EOSBet Community,

On September 14th around 3:00AM UTC we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have.”

The hacker who stole the EOS tokens found a “hole” in the code that made it possible to bypass the eosio.token->transfer function. That means the hacker’s funds were never deposited. Every time the thief lost, he didn’t have to pay. When he won, he received real funds that could be cashed out. By exploiting the system’s flaw, the thief could gamble without any risk.
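The class of flaw described above, as an added example that is not EOSBet's code (the page does not reproduce it): a simplified C++ model of a bet dispatcher that accepts a "transfer" without confirming the token contract executed it, next to a checked version. The `Action` struct, the account names and the missing-origin-check mechanism are assumptions made for illustration.

```cpp
// Simplified model, constructed for illustration (not EOSBet's contract code).
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

// `code` is the contract that actually executed the action (hypothetical model).
struct Action {
    std::string code, name, from;
    int64_t amount;  // stake in units of 0.0001 EOS
};

const std::string TOKEN_CONTRACT = "eosio.token";

struct Casino {
    std::map<std::string, int64_t> open_bets;  // player -> stake accepted

    // Weak: any action named "transfer" counts as a deposit, even when the
    // token contract never executed it and no funds moved.
    bool dispatch_weak(const Action& a) {
        if (a.name != "transfer") return false;
        open_bets[a.from] += a.amount;
        return true;
    }

    // Hardened: accept only transfers executed by the token contract, which
    // has already debited the player by the time the casino sees them.
    bool dispatch_checked(const Action& a) {
        if (a.name != "transfer" || a.code != TOKEN_CONTRACT) return false;
        if (a.amount <= 0) return false;
        open_bets[a.from] += a.amount;
        return true;
    }
};

// Stake the casino believes `a.from` deposited after processing one action.
int64_t accepted_stake(bool hardened, const Action& a) {
    Casino c;
    bool ok = hardened ? c.dispatch_checked(a) : c.dispatch_weak(a);
    return ok ? c.open_bets[a.from] : 0;
}

int main() {
    Action real{"eosio.token", "transfer", "alice", 100000};    // constructed
    Action unbacked{"casino", "transfer", "mallory", 100000};   // constructed
    std::cout << accepted_stake(false, unbacked) << " "   // weak accepts it
              << accepted_stake(true, unbacked) << " "    // hardened rejects
              << accepted_stake(true, real) << "\n";
}
```

The point for a reviewer is that the stake is credited from the action's payload, so the only thing tying it to real funds is the check on which contract executed the action.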

In the official statement, the company posted a piece of code that was allegedly responsible for this, but the case is still not fully clear. The presented piece of code has already been “fixed”. Some users have congratulated the team for reacting quickly, while others have mocked the company for employing unqualified programmers.

The company has explained itself by saying:

“We take security very seriously at EOSBet. Our code was audited extensively by our development team and multiple independent 3rd parties.”
