Hacker exploits EOS betting platform to ‘win’ jackpot 24 times in a row

hacker exploits eos betting platform to win jackpot 24 times in a row
An EOS-based decentralized app (dApp) has been paying out big time. DEOSBet, a betting platform operated by DEOSGames, has been drained of a significant chunk of its operating funds in a heist that netted one ‘lucky’ punter almost $24,000.
Over less than an hour, a decentralized dice betting game paid its jackpot 24 times to just one individual. Despite depositing just 339 EOS EOS ($1,695), after the lucky streak was over, EOS account “runningsnail” somehow managed to walk away with more than 4,728 EOS (approx. $23,640).
The lucky account was created less than a day before funds were first sent for betting. Tracking relevant transactions via an EOS blockchain explorer, we can see the 197 EOS jackpot, each the equivalent of almost $1,000, being paid to runningsnail repeatedly.

hacker exploits eos betting platform to win jackpot 24 times in a row 1

The wins were seemingly automatic. Each and every time runningsnail deposited 10 EOS, the jackpot was paid within an average of 30 seconds.
So far, runningsnail has kept most of his winnings – but we can see that he has started experimenting with some other EOS betting dApps, perhaps looking for another soft target.

hacker exploits eos betting platform to win jackpot 24 times in a row 2

DEOSGames has confirmed the exploit on its social channels. “Yesterday, we got a malicious contract exploit our contract, ” a statement read. “it is a good stress test and we got significant improvements on contract level.”
It remains unclear of the vulnerability is unique to DEOSBet, or if it extends to all similar EOS smart contracts. We’ve asked the company for a clarification.
While $24,000 might seem like small change compared to other world-shaking cryptocurrency heists, the prevalence of these small-time hacks is growing. Betting dApps running on EOS, in particular, are being picked apart frequently.
Just a few weeks ago, a vulnerability was similarly exploited in In the fallout, its betting dApp was forced offline, and the bug eventually led researchers to find another critical flaw in the EOS blockchain.
The discovery of vulnerabilities in EOS code is a lucrative business in itself. Researchers digging into EOS’ code have collected over $417,000 in bug bounties; for context, the sum represents two-thirds of all cryptocurrency bug bountines on HackerOne this year.

See also  3 ways the blockchain industry is slowly moving towards gender equality

Source: The Next Web

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button
%d bloggers like this:

Adblock Detected

Please consider supporting us by disabling your ad blocker