EOS gambling dApp EOSBet hacked again, $338k Stolen
Hackers are at it again. After last month’s hack on EOS for $200k, it’s reported that an additional $338k in EOS tokens has been stolen from EOS gambling dApp EOSBet.
EOSBet despite advertising itself as the safest gambling app on the market has had a hard time dealing with hackers who’ve managed to exploit vulnerabilities in one of their automated dice games.
The first security breach happened in the middle of September, cause being faulty code allowing hackers to steal close to 40,000 in EOS tokens ($200k). The hack proves that smart contracts still contain critical bugs that are being exploited by hackers.
This time around, one of the hackers “Ilovedice123” was able to use standard EOS accounts equipped with malicious code to dupe EOS’ smart contract platform into mistakenly crediting their account with 65,000 EOS ($338k) tokens that were then moved onto a major cryptocurrency exchange.
A screenshot was shared by thenextweb showing three illegal transactions showing the hacker getting away with 65,000 EOS tokens.
EOSBet has not yet revealed the extent of the hack but in a medium post did confirm that it was not a system vulnerability and have since patched the platform.
How it happened
Hackers used EOS wallets equipped with malicious code. They then proceeded to trigger targeted wallets to send cryptocurrency every time they made transactions among themselves. The code then activated EOSBets‘ “transfer” function, which would automatically match the EOS transferred in equal amounts between the hackers from its operational wallets.
Here’s a series of 500 EOS transactions between hacker wallets Ilovedice123 and whoiswinner1 draining a significant chunk of EOSBets‘ tokens in less than a minute.
With a total tally of over $500k stolen in just over a month, EOSBets’ security audit is under question. Just last month, EOSBet posted on medium their intent to bring more security into the system with the code being audited “extensively” by developers. We hope this time around they are more focused on their job.
Disclaimer: Blockmanity is a news portal and does not provide any financial advice. Blockmanity's role is to inform the cryptocurrency and blockchain community about what's going on in this space. Please do your own due diligence before making any investment. Blockmanity won't be responsible for any loss of funds.
Did you like the news you just read? Please leave a feedback to help us serve you better