A coding error in one of the decentralized apps deployed on the EOS network, touted as a competitor to Ethereum, has resulted in the theft of nearly $240,000 worth of EOS tokens.
Specifically, a hacker took advantage of a loophole in gambling application EOSBet’s smart contracts, days after it claimed to be one of the safest DApps online.
Hard Fork, which first broke the news, has published the following comment made by an EOSBet spokesperson:
“A few hours ago, we were attacked, and about 40,000 EOS was taken from our bankroll. This bug was not minor as was stated previously, and we are still doing forensics and piecing together what happened.”
At the time of writing this article, EOS was trading at $5.43. So, based on the approximate amount lost in the hacking incident, it seems the number of coins lost is nearly 45,000. The team behind EOSBet has temporarily removed the application while they determine the exact reasons for the hack.
“[EOSBet] should be back online relatively quickly. We have narrowed down the bug to a faulty assertion statement in our code. After talking with other developers and BPs, it seems like other games were also attacked using this same exact code (abi forwarder.)”
Using a fake hash, the intruders were able to call the app's transfer mechanism from outside, spoofing the EOSBet system into transmitting a large chunk of EOS tokens. Hackers and fraudsters later tried to move the stolen loot out of the system into their personal wallets, creating fake accounts that mimic EOSBet to make users believe that the casino was compensating clients for lost funds.
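The following is an added illustration, not EOSBet's code and not part of the original report: a simplified C++ model of an action forwarder whose assertion does not check which contract a `transfer` came from, next to a version that does. The account names, the `Call` struct and the function names are hypothetical, and the model assumes the faulty assertion in the quoted statement was of this kind.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Simplified model (assumption): the forwarder sees `code`, the account the
// action was addressed to, and `action`. A genuine payment reaches the game
// as a notification with code == token contract; a direct call to the game
// has code == the game itself.
struct Call {
    std::string receiver;  // contract being executed (the game)
    std::string code;      // account the action was addressed to
    std::string action;    // action name
};
const std::string TOKEN = "token.acct";  // hypothetical token contract
const std::string GAME  = "dice.acct";   // hypothetical game contract

// Faulty forwarder: accepts any action addressed to the game OR the token
// contract, so a `transfer` sent straight to the game passes as a payment.
bool forward_faulty(const Call& c) {
    if (!(c.code == c.receiver || c.code == TOKEN))
        throw std::runtime_error("unexpected code");
    return true;  // the handler for c.action would run here
}

// Hardened forwarder: `transfer` is honoured only as a notification from the
// token contract; every other action must be addressed to the game itself.
bool forward_hardened(const Call& c) {
    if (c.action == "transfer") {
        if (c.code != TOKEN)
            throw std::runtime_error("transfer must come from token contract");
        return true;
    }
    if (c.code != c.receiver)
        throw std::runtime_error("action not addressed to this contract");
    return true;
}

// True if the forwarder lets the call through, false if it rejects it.
template <typename F>
bool accepted(F forwarder, const Call& c) {
    try { return forwarder(c); } catch (const std::runtime_error&) { return false; }
}

int main() {
    Call direct{GAME, GAME, "transfer"};  // constructed sample: no tokens moved
    std::cout << "faulty accepts direct transfer:   " << accepted(forward_faulty, direct) << "\n";
    std::cout << "hardened accepts direct transfer: " << accepted(forward_hardened, direct) << "\n";
}
```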
Ironically, days before the incident happened, EOSBet Casino made fun of a competitor for getting hacked. They also boasted that their network was superior in a tweet that has since been removed.
“DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll. As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on.”
The EOS Bet team published an official statement explaining the hack situation.
“On September 14th around 3:00AM UTC we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we’re back online.”
It also noted that EOS Bet is strengthening its security practices to ensure that no such event occurs in the future.