Just a month after a significant heist, hackers have found yet another vulnerability in the EOSBet ecosystem, striking again with alarming efficiency and taking EOS tokens worth about $338,000. A trio of unauthorized transactions confirmed that the hackers' account drained 65,000 EOS (about $338,000) from the gambling platform's operational funds.
The automated dice game fell prey to weak security features, allowing perpetrators to manipulate smart contracts into erroneously crediting their accounts by injecting rogue scripts.
The team has yet to release a statement on the full extent of the breach, but a blockchain producer highlighted the vulnerability, calling for enhanced scrutiny measures. The Medium post read in part:
"Weak points were identified in several contracts that utilize notifications from other contracts. It is crucial to verify all parameters fully, as merely checking the contract name and action isn't adequate."
Malicious Codes into EOS Wallets
Malicious codes introduced into EOS wallets prompted the immediate activation of funds transfer features, making transactions mimic the flow of equivalent cryptocurrency values from the primary wallet. This involved orchestrated exchanges among the hackers themselves to trigger more crypto creation.
The illicit transactions occurred with astounding speed, with EOSBet's reserves substantially drained within sixty seconds, each unauthorized exchange representing another 500 EOS seeping into the criminals' possession.
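The block producer's warning quoted above, as an added example that is not EOSBet's code or part of the original article: a simplified, self-contained C++ model of a transfer-notification handler, comparing a check on contract name and action only with one that validates every parameter. The account names, the `Notification` struct and the `MIN_BET` limit are assumptions made for illustration.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <string>

// Simplified model of a transfer notification delivered to a contract.
// All account names and limits are assumptions made for this example.
struct Notification {
    std::string code;    // contract that executed the action
    std::string action;  // action name
    std::string from;    // sender named in the transfer
    std::string to;      // recipient named in the transfer
    int64_t amount;      // units of 0.0001 token
    std::string symbol;  // token symbol
};

const std::string SELF = "dicegame";      // hypothetical betting contract
const std::string TOKEN = "eosio.token";  // token contract it trusts
const int64_t MIN_BET = 1000;             // hypothetical minimum, 0.1000 EOS

// Weak: checks only the contract name and action.
bool accept_weak(const Notification& n) {
    return n.code == TOKEN && n.action == "transfer";
}

// Hardened: every parameter must describe a real payment to this contract.
bool accept_strict(const Notification& n) {
    if (n.code != TOKEN || n.action != "transfer") return false;
    if (n.to != SELF) return false;    // funds must actually arrive here
    if (n.from == SELF) return false;  // skip our own outgoing payouts
    if (n.symbol != "EOS") return false;
    return n.amount >= MIN_BET;
}

// Constructed sample notifications.
Notification deposit()   { return {TOKEN, "transfer", "alice", SELF, 50000, "EOS"}; }
Notification bystander() { return {TOKEN, "transfer", "acct1", "acct2", 50000, "EOS"}; }
Notification payout()    { return {TOKEN, "transfer", SELF, "alice", 50000, "EOS"}; }

int main() {
    for (const auto& n : {deposit(), bystander(), payout()})
        std::cout << n.from << " -> " << n.to << ": weak=" << accept_weak(n)
                  << " strict=" << accept_strict(n) << "\n";
}
```

The weak check credits the `bystander()` notification even though no funds reached the contract; the strict check accepts only the genuine deposit.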
More Knocks for EOS
Not long after EOSBet proudly claimed the title of the safest platform of its kind, hackers exploited a security lapse in its smart contract, resulting in the unlawful appropriation of 40,000 EOS, equating to almost $200,000. While attempting to soften the blow, a company representative labeled the event as a 'minor issue.' HardFork reports covering the incident featured a company spokesperson saying:
"A few short hours ago, we experienced an attack, with approximately 40,000 EOS misappropriated from our bankroll. Contrary to previous statements, this bug was anything but minor, and we are actively delving into forensic details to understand how it unfolded."
In response, the company stated that the dApp would be temporarily deactivated while they "determine precisely what transpired," having identified a coding error responsible for the malfunction in the assertion statement. The company's assurance was that their development team and multiple independent parties had thoroughly inspected the code, pledging to bolster security protocols moving forward.
With this latest breach happening merely a month apart from the previous one, public faith is expected to wane. Hackers seemed to have exploited the transfer mechanism similarly to their initial strike. The flawed hash facilitated the unauthorized movement of substantial EOS sums, reflecting poorly on developers whose code was supposedly vetted. With such occurrences, community confidence wavers as questions arise about the company’s capacity to implement preemptive countermeasures against potential attacks.
Hackers and Gambling Portals
Back in 2009, there were claims of hackers conspiring with an insider in Israel’s Sports Betting Council, managing to embed a program within the council's primary computer system. This program was intended to access a database containing details of around 400,000 participants in the Toto lottery overseen by the Betting Council, creating an opportunity for hackers to coerce winners.
Investigations unveiled the involvement of several individuals within the complex framework of the organization. The incident was concealed to prevent an outcry that might have cast a negative light on various governmental bodies.
1 Comment
This is not a vulnerability; it’s a coding blunder. Interesting twist on the narrative.