A series of smart contract exploits has seen hackers abscond with over $600,000 worth of EOS over the last week, raising questions regarding the security of the $4 billion “Ethereum killer” EOS blockchain.
Smart contract weaknesses in EOS-based gambling dApp EOSBet have allowed hackers to manipulate the outcome of blockchain dice rolls, capturing 126,000 EOS in just 36 hours.
An official announcement from EOSBet explains the manner in which the attack was executed—by exploiting a flaw in smart contract code, the hacker was able to place bets without transferring EOS to the contract, while still capturing payouts from successful predictions.
Dice is back online! Thanks for your patience during this period of downtime. Our official statement on the transfer hack that occurred can be found here: https://t.co/BfmiXCRzA7
— EOSBet (@EOSBetCasino) September 15, 2018
Smart Contract Flaws Run Rampant in EOS dApp Ecosystem
The EOSBet platform isn’t the only EOS dApp to lose out to smart contract security flaws over the last week, however. In a tweet that has since been deleted, the EOSBet team was quick to mock competitor DEOS Games for the loss of $24,000 in EOS due to a smart contract exploit:
“DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll. As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on.”
EOS transaction records show a DEOS Games user receiving jackpot payouts from the platform 24 times in a row, yielding 4,728 EOS in less than an hour.
We are back up and running with EOS game for last 6+ hours. Yesterday, we got a malicious contract exploit our contract. It is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!
— DEOSGames (@DEOS_Games) September 10, 2018
EOSBet has announced that new security measures such as more robust internal code testing, third-party auditing, and improved smart contract monitoring will prevent further smart contract exploits. The EOS security ecosystem has remained a prime target for enterprising hackers, both black hat and white hat: EOS bug bounties have paid out more than $417,000 in 2018 to date.