Self-advertised as the safest gambling app on the market, EOS-based gambling dApp EOSBet has been hacked for the second time in the last month. This time, the hackers are believed to have successfully gotten away with at least $338,000 from the platform’s operational wallets, Hard Fork reports.
EOSBet’s first security breach took place in mid-September of this year, wherein 40,000 EOS tokens (~$200k) were lost. The hackers are reported to have exploited vulnerabilities in EOS’ smart contract protocols.
It appears this time that the hackers were able to use standard EOS accounts equipped with malicious code to trick EOS’ smart contract platform into mistakenly crediting their accounts with large amounts of cryptocurrency.
One of the hackers’ accounts, “Ilovedice123”, was able to extract 65,000 EOS ($338k) onto a major cryptocurrency exchange.
EOSBet has notified the public of the breach in a Medium post published today, October 15th. A recent update states that the platform has been patched.
Hard Fork reports that by using EOS wallets injected with malicious code, the hackers were able to trigger targeted wallets to send cryptocurrency directly to their wallets every time they made transactions between themselves.
The code was used to activate EOSBet’s “transfer” function, which would automatically match the EOS transferred between the hackers from its operational wallets.
A screenshot of the activity shows a series of 500 EOS transactions between hacker wallets Ilovedice123 and whoiswinner1. Each time one of these transactions took place, 500 EOS were drained from EOSBet’s holdings. The image shows more than 5,000 EOS transacted in less than a minute.
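The report does not give the root cause at code level. The sketch below is an added illustration, not EOSBet's contract code and not the EOSIO SDK: it assumes the "transfer" handler credited the sender for any transfer it was told about, and contrasts that with a handler that only counts transfers addressed to the contract's own account. `DappModel`, `replay`, `dappwallet` and `alice` are hypothetical names, and the transfers are constructed sample data.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

struct Transfer { std::string from, to; int64_t amount; };  // amount in whole EOS

class DappModel {
    std::string self_;
    bool check_recipient_;
    int64_t received_ = 0;   // tokens that really arrived in the operational wallet
    int64_t credited_ = 0;   // value the handler credited to senders
public:
    DappModel(std::string self, bool check_recipient)
        : self_(std::move(self)), check_recipient_(check_recipient) {}

    // Invoked once for every transfer the contract is told about.
    void on_transfer(const Transfer& t) {
        if (t.from == self_ || t.amount <= 0) return;  // ignore own payouts and bad amounts
        if (t.to == self_) received_ += t.amount;      // a genuine deposit
        else if (check_recipient_) return;             // hardened: not addressed to us, ignore
        credited_ += t.amount;                         // weak handler reaches here for any transfer
    }
    // Invariant for a sound handler: everything credited is backed by a deposit.
    int64_t unbacked() const { return credited_ - received_; }
};

// Replays constructed activity: one real deposit, then ten 500 EOS transfers
// passed back and forth between the two accounts named in the article.
int64_t replay(bool check_recipient) {
    DappModel dapp("dappwallet", check_recipient);     // hypothetical account name
    std::vector<Transfer> seen = {{"alice", "dappwallet", 20}};
    for (int i = 0; i < 10; ++i) {
        bool even = (i % 2 == 0);
        seen.push_back({even ? "Ilovedice123" : "whoiswinner1",
                        even ? "whoiswinner1" : "Ilovedice123", 500});
    }
    for (const auto& t : seen) dapp.on_transfer(t);
    return dapp.unbacked();
}

int main() {
    std::cout << "unbacked credit, no recipient check:   " << replay(false) << " EOS\n";
    std::cout << "unbacked credit, with recipient check: " << replay(true) << " EOS\n";
}
```

The same `credited - received` comparison works as a monitoring check: any non-zero gap means the contract has paid out against tokens it never held.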
This latest attack likely eviscerates whatever confidence was left in EOSBet’s security in the wake of the September attack. The company had pledged to commission a series of extensive audits by its development team and multiple third-party security companies as a means of hardening its security measures. However, sufficient action has clearly yet to be taken.
What’s more, it isn’t clear whether this series of hacks is the only illicit activity taking place on the platform. In early September, one user profited over $600,000 on EOSBet after repeatedly doubling his money over the course of 36 hours. This drew a heavy amount of suspicion from the community, but an EOSBet spokesperson reported there was absolutely no evidence of foul play, claiming that the lucky gambler’s $600,000 profit had been won legitimately.