News

EOS (EOS) smart contract’s vulnerability enabled hackers to steal $200 000 from gambling DApp

On September 14, TheNextWeb reported that a million-dollar EOS gambling dApp suffered a major blow. Hackers have taken 40,000 EOS ($200,000) from the operating wallet of EOSBet by exploiting vulnerabilities in its smart contracts.

“[…] A few hours ago, we were attacked, and about 40,000 EOS was taken from our bankroll,” – an EOSBet spokesperson informed users. – “This bug was not minor as was stated previously, and we are still doing forensics and piecing together what happened.”

EOSBet devs have since taken the dApp offline while they figure out exactly what happened. A spokesperson does admit that hackers were only successful due to a fault in its code.

“After talking with other developers and BPs, it seems like other games were also attacked using this same exact code (abi forwarder)”, – the EOSBet spokesperson added.

On September 16, the EOSBet development team announced they had made some changes to the bankroll.

“Effective now, we’ve moved ~75% of the bankroll (300,000 EOS) out of our hot wallet and into reserves. Simultaneously, we’ve increased the maximum win from 1% to 4% of the bankroll in order to keep the maximum bet size unchanged”, – wrote the team, adding:

“Like modern exchanges, we’re storing the majority of our funds in a cold wallet to minimize the damage from a potential hack. We’re currently reviewing our smart contracts and security processes to prevent attacks, but this move serves as an additional line of defense.”