Connect with us

Altcoins

EOS gambling dApp’s loophole exploited; attacker walks away with 30,000 EOS

Mark Prestwood

Published

on

Source: Pixabay


The parent blockchain of EOS token, EOSIO became a casualty of an attack, after a gambling dApp was exploited by an attacker, accumulating 30,000 EOS (approximately amounting to 111,000 $) in the process.

The intruder reportedly took advantage of a loophole in the dApp EOSplay, permitting him to win consecutive rolls by filling the blocks with paid transactions.

Twitter user @rektkid, was one of the first to notice the intrusion. He took to the social media platform to explain that the attacker had taken the help of REX, an ESO resource exchange for RAM and CPU outlets, which led to consistent fill-up of blocks with transactions, allowing him to create a continuous win situation on the gambling app. After over 30,000 EOS was transferred to the attacker’s wallet, the blockchain’s network froze.

Source: Twitter

However, the attack may have effected the network more than it was expected.

Another twitter user Dexaran, provided more insight into the attack and claimed that all his contracts on the EOS mainnet had stopped due to high network congestion. He added that his 20 staked EOS CPU gave him a feeble network signal of 6 ms instead of the 2800 ms in normal state.

He contemplated the intruder’s plan of action and addressed how the attack occurred. An update on the network was released by Dexaran. He said,

Attack stopped, network is back in a normal mode.

>30K EOS stolen because of the vulnerability of DApp design.

Not $EOS flaw. Just a smart-contract that was hacked. To smart-contract devs: 1. Follow best security practices. 2. Do not rely on on-chain source of entropy in EOS.”

Mark is a full-time member of the Editorial team of AMBCrypto. With his five-year experience as a business editor for one of the largest dailies in the US, Mark brings sanity and order to our editorial team. Mark is a business major and loves building automotive parts when he's not working. Email him at [email protected] or [email protected]

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *