In another series of attacks exploiting weaknesses in EOS, two new stories came out this week regarding EOS gambling platforms.
The first hack against an EOS gambling platform was against DEOSGames. A gap in a security feature saw a user named Runningsnail win a $1,000 jackpot. Then they won again. This process happened in thirty-second intervals, where the hacker would deposit 10 EOS and when thirty seconds later. The gambling platform confirmed that a security breach took place, rather than one user simply being on a hot streak.
EOSBet also succumbed to the whims of a hacker. The cybercrook found a loophole in the code that let them circumvent the eosio.token->transfer function. Because this stage was bypassed, funds were not actually deposited, and if they lost, no funds were paid out. The flip side is that if they won, they could withdraw real funds. This consequence-free method led to the criminal making off with $236,000 USD.
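A minimal model of the failure described above, as an added example that is not EOSBet's code: it assumes the contract accepted any action named transfer as a paid bet without checking that the eosio.token contract had executed it. The `Action` and `Casino` types and the account names are hypothetical, and the model is plain C++ that does not use the EOSIO SDK.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Constructed model of an action delivered to a betting contract.
struct Action {
    std::string code;    // contract that actually executed the action
    std::string name;    // action name, e.g. "transfer"
    std::string from;    // payer named in the action data
    int64_t     amount;  // stake in token units
};

struct Casino {
    bool check_code;                        // false = flawed dispatcher
    std::map<std::string, int64_t> stakes;  // bets the casino believes were paid
    int64_t real_deposits;                  // tokens the ledger really moved

    explicit Casino(bool cc) : check_code(cc), real_deposits(0) {}

    // Returns true if the action was accepted as a paid bet.
    bool on_action(const Action& a) {
        if (a.name != "transfer" || a.amount <= 0) return false;
        // Hardened path: only the token contract can vouch that funds moved.
        if (check_code && a.code != "eosio.token") return false;
        stakes[a.from] += a.amount;
        if (a.code == "eosio.token") real_deposits += a.amount;  // ledger truth
        return true;
    }

    // Invariant a monitor can alert on: credited stakes equal real deposits.
    int64_t unbacked() const {
        int64_t credited = 0;
        for (const auto& s : stakes) credited += s.second;
        return credited - real_deposits;
    }
};

// Replays two constructed actions and returns the unbacked stake total.
int64_t run(bool check_code) {
    Casino c(check_code);
    c.on_action({"eosio.token", "transfer", "player1", 10});  // genuine deposit
    c.on_action({"othercode", "transfer", "player2", 10});    // not from the token contract
    return c.unbacked();
}
```

With the origin check disabled, `run(false)` reports 10 units of stake with no matching deposit; with it enabled, `run(true)` reports 0.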
The EOSBet team responded:
“We take security very seriously at EOSBet. Our code was audited extensively by our development team and multiple independent 3rd parties.”
The $236,000 heist may just be a drop in the bucket for EOSBet, as earlier this week, an “unconfirmed” hack may have seen a user walk away with $600,000 after a winning streak over 36 hours. The lucky winner would continually double down until reaching the impressive payout.