Top-rated dApp robbed of 45k EOS; fixes code, updates security procedures.
EOSBet, one of the more successful decentralised apps yet to make it out into the wild, suffered something of an embarrassing hack late last week that saw around 45,000 EOS tokens lifted from its account, worth around $235,000 based on the current price of the token.
The hacker – a user by the name of ‘aabbccddeefg’ – exploited a bug in the EOSBet dice game code that allowed them to essentially place free bets – winnings were paid out when they won, but games cost them nothing if they lost. In one of the great quirks of blockchain apps, the questionable transactions related to aabbccddeefg can be publicly viewed, and the path of the missing EOS tracked to various accounts all created by a prime account: ‘guydgnjygige’.
For example, 10,000 EOS went to-and-fro from the aabbccddeefg account to another called ‘cctvworldcup’, while over 35,000 EOS has gone out to another called ‘adobesystems’, also created by ‘guydgnjygige’ (with no connection to the real Adobe Systems). EOS in that adobesystems account has since largely been routed to what appears to be a Binance wallet: ‘Binancecleos’ (Binance Clearing EOS?).
At the time of writing, the main aabbccddeefg account is down to just 126 EOS. A look at recent transactions shows that whoever owns it has recently taken a little time out to play a bit of blockchain-based Space Invaders with their ill-gotten gains. They have even been back to EOSBet to roll a few more dice.
For its part, the creator of the game quickly moved to freeze its smart contracts and patch the problems with its code when it became aware of the problem. Indeed, it took to Reddit to quickly outline exactly what had gone wrong with its smart contracts in great detail and respond to a few reader queries (see above link) regarding how it had patched up the problem. Its representative also said it had approached the EOSIO Core Arbitration Forum (ECAF) to try and recover what it can from the aabbccddeefg account – possible with the features of the EOS blockchain – though that’s not very much now, as it would appear that much has already been exchanged.
While EOSBet was widely praised for its honest and quick response to the hack, it’s still an embarrassing faux pas. Especially as, according to a report from Trybe, EOSBet had shown no little schadenfreude when DEOS games – which it described as operating a ‘clone’ of its offering – was attacked a few days back, costing it $24,000. Apparently a – now deleted – tweet said:
“DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll. As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on #EOSBET. #EOS”