EOS DApp Smart Contract Exploit Pays Out $200K to Hacker

Publié le by Cryptoslate | Publié le

A series of smart contract exploits have seen hackers abscond with over $600,000 worth of EOS over the last week, raising questions regarding the security of the $4 billion "Ethereum killer" EOS blockchain.

Smart contract weaknesses in EOS-based gambling dApp EOBet have allowed hackers to manipulate the outcome of blockchain dice rolls, capturing 126,000 EOS in just 36 hours.

An official announcement from EOSBet explains the manner in which the attack was executed-by exploiting a flaw in smart contract code, the hacker was able to place bets without transferring EOS to the contract, while still capturing payouts from successful predictions.

"DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll. As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on."

EOS transaction records show a DEOS Games user receiving jackpot payouts from the platform 24 times in a row, yielding 4,728 EOS in less than an hour.

We are back up and running with EOS game for last 6+ hours.

Yesterday, we got a malicious contract exploit our contract.

It is a good stress test and we got significant improvements on contract level.

EOSBet has announced that new security measures such as more robust internal code testing, third party auditing, and improved smart contract monitoring will prevent further smart contract exploits.

The EOS security ecosystem has remained a prime target for enterprising hackers both black and white hat-to date, EOS bug bounties have paid out more than $417,000 in 2018 thus far.

x