Hacker wins jackpot 24 times in a row after exploiting EOS betting platform
A hacker exploited DEOSBet, an EOS-based betting platform operated by DEOSGames. In less than an hour, the betting platform reportedly paid out 24 times in a row to one individual.
According to a report by TheNextWeb, despite depositing only 339 EOS, the account “runningsnail” managed to get more than 4,728 EOS (approx. $23,640). Interestingly, the account was created just a day before the funds were sent for betting.
By tracking the transactions via an EOS blockchain explorer, it was noticed that 197 jackpot, each of almost $1,000, were being paid to the account runningsnail repeatedly.
The exploit was confirmed by DEOSGames on its social channels. “Yesterday, we got a malicious contract exploit our contract,” a statement read. “It is a good stress test and we got significant improvements on contract level.”
Reportedly, the wins were automatic: the account runningsnail deposited 10 EOS and the jackpot was paid within 30 seconds. According to the report, runningsnail has so far had the maximum wins and is trying to experiment with other EOS betting dApps, with hopes of another soft target.
However, the vulnerability is unclear and unique to DEOSBet, and it is not known if it extends to all such EOS smart contracts. Though the amount might seem small compared to other massive hacks, one cannot deny that these kinds of hacks are becoming increasingly prevalent.
In fact, just a few weeks ago, a similar incident was noted at EOSBet.io. At that time, the betting dApp was forced offline, and another critical flaw in the blockchain was found by the researchers.
To ward off potential hacker attacks, bug bounty programs are launched to discover loopholes on the blockchain. These programs invite hackers to find vulnerabilities on the blockchain, for which they receive a reward. Reportedly, this year witnessed cryptocurrencies worth $761 million lost to hacking and theft.
EOS heads the list for the most bug bounty programs, according to another TheNextWeb report. EOS has spent around $417,000 on rewards for bug bounty programs and has increased its reward from $300 to $2,100 this year.
Coinbase follows closely behind EOS, with stats suggesting over $281,000 spent on bug hunting. Blockchain and Augur trail behind Coinbase, with their bug bounty reward expenditure standing at around $10,000.