Recent hacks of EOS-based gambling platforms have resulted in the theft of over $250,000 worth of EOS coins.
The EOSBet online casino, through its Reddit account, announced that a hack had occurred last Friday, where 44,427.4302 EOS (about $240,000) were stolen, “before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have.”
According to EOSBet, the hacker was able “to place bets without transferring EOS to the contract. For losses, he was paid nothing, but lost nothing. However, for wins he was paid out real EOS from the contract.”
EOSBet admitted that in spite of multiple audits before the attack, “there was still a vulnerability in our smart contract. The task moving forward is to strengthen our security practices, ensuring that a similar event does not occur in the future.”
In their latest announcement, the EOSBet development team said they were making changes to the bankroll. “We’ve moved ~75% of the bankroll out of our hot wallet and into reserves. Simultaneously, we’ve increased the maximum win size from 1% to 4% of the bankroll in order to keep the maximum bet size unchanged.”
“Like modern exchanges, we’re storing the majority of our funds in a cold wallet to minimize the damage from a potential hack. We’re currently reviewing our smart contracts and security processes to prevent attacks, but this move serves as an additional line of defense,” they added.
Apart from this, online tech magazine The Next Web pointed to EOSBet recently paying over 126,000 EOS worth over $600,000 to a user who had won the amount in less than two days. EOSBet however denied a hack had occurred, saying the winnings were obtained legitimately.
Another hack, also reported by The Next Web, happened with EOS betting platform DEOS Games, which tweeted, “We got a malicious contract exploit our contract.” A jackpot of approximately $1,000 was paid to user runningsnail 24 times within an hour. In that time, the user had deposited 339 EOS (about $1,695 then) while taking 4,728 EOS ($23,640). DEOS Games said of the incident, “It is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!”
We are back up and running with EOS game for last 6+ hours. Yesterday, we got a malicious contract exploit our contract. it is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!
— DEOSGames (@DEOS_Games) September 10, 2018
The price of EOS has gone down from a high of over $21 per coin last April, to about $5.35 at present, after an underwhelming launch last June that saw many accounts being frozen due to technical issues.