Two EOS gambling platforms have been hacked in the last week. An amount totaling $250,000 USD. In the same week, another platform, EOSBet, paid out $600,000 to one user in a claimed ‘jack-pot,’ though some aren’t so sure. What’s going on? What’s with the EOS hacks?
The EOS smart contracts appear to be rather fallible. The first of the EOS hacks happened on DEOSGames. A user named Runningsnail kept winning $1,000 payments over and over again. Over a dozen times actually. Runningsnail would deposit 10 EOS and then win the jackpot 30 seconds later. The process happened over and over as though automated every 30 seconds.
DEOSGames confirmed that its smart contract had been hacked and that Runningsnail wasn’t just extraordinarily lucky.
Flaws in the Code
The second of the EOS hacks occurred on EOSBet. Whereby a heister made away with the much-bigger sum of $236,000 USD.
The hacker took advantage of a flaw in the code. This flaw meant they could bypass the esio.token ->transfer function, meaning their funds were not deposited to the smart contract. Subsequently, whenever they lost, they didn’t have to pay. However, if they won, they would win real funds that could then be cashed out.
Basically, the hacker was able to gamble risk-free and ensure they got, in essence, free money.
The team posted the same vulnerable section of code on their website for inspection and had a series of experts fix it. The team statement read:
“We take security very seriously at EOSBet. Our code was audited extensively by our development team and multiple independent 3rd parties.”
EOSBet is having an unlucky week it seems. Another potential EOS hack is being investigated. Earlier in the week, a user won $600,000 in a series of consecutive wins. This time the winner continually doubled their money in a series of ‘very lucky’ dice rolls over the course of 36 hours.
Tighten up those smart contracts, or you may face another bevy of EOS hacks!
Featured Image: Depositphotos/© billiondigital
(function(d, s, id)
var js, fjs = d.getElementsByTagName(s);
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = “http://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6”;
(document, ‘script’, ‘facebook-jssdk’));