EOS gambling dApp’s loophole exploited; attacker walks away with 30,000 EOS
The parent blockchain of EOS token, EOSIO became a casualty of an attack, after a gambling dApp was exploited by an attacker, accumulating 30,000 EOS (approximately amounting to 111,000 $) in the process.
The intruder reportedly took advantage of a loophole in the dApp EOSplay, permitting him to win consecutive rolls by filling the blocks with paid transactions.
Twitter user @rektkid, was one of the first to notice the intrusion. He took to the social media platform to explain that the attacker had taken the help of REX, an ESO resource exchange for RAM and CPU outlets, which led to consistent fill-up of blocks with transactions, allowing him to create a continuous win situation on the gambling app. After over 30,000 EOS was transferred to the attacker’s wallet, the blockchain’s network froze.
However, the attack may have effected the network more than it was expected.
Another twitter user Dexaran, provided more insight into the attack and claimed that all his contracts on the EOS mainnet had stopped due to high network congestion. He added that his 20 staked EOS CPU gave him a feeble network signal of 6 ms instead of the 2800 ms in normal state.
“Attack stopped, network is back in a normal mode.
>30K EOS stolen because of the vulnerability of DApp design.
Not $EOS flaw. Just a smart-contract that was hacked. To smart-contract devs: 1. Follow best security practices. 2. Do not rely on on-chain source of entropy in EOS.”