Almost $240,000 Worth of EOS Tokens Stolen In dApp Smart Contract Hack
Ethereum rival EOS has suffered a smart contract security breach on one of its decentralized applications which has resulted in the theft of around $240,000 worth of tokens.
A weakness in gambling application EOSBet’s smart contracts has been exploited just days after claiming it was one of the safest dApps online. According to Hard Fork which reported the hack and EOS Bet spokesperson said;
“A few hours ago, we were attacked, and about 40,000 EOS was taken from our bankroll. This bug was not minor as was stated previously, and we are still doing forensics and piecing together what happened.”
It turns out the actual figure was over 44,000 so at current EOS trading rates of $5.40 this equates to $239,900. The team has already removed the application while they figure out exactly what happened, admitting that it was a code bug.
“[EOSBet] should be back online relatively quickly. We have narrowed down the bug to a faulty assertion statement in our code. After talking with other developers and BPs, it seems like other games were also attacked using this same exact code (abi forwarder.)”
Using a fake hash, the hackers were able to call the app’s transfer function externally spoofing the EOSBet system into sending a huge chunk of EOS tokens. The hackers and scammers have since attempted to transfer the stolen booty off the system into their own wallets by creating fake accounts mimicking EOSBet in order to trick users into believing that casino is reimbursing customers for any lost funds.
In a twist of irony just days before the incursion, EOSBet Casino mocked a competitor for getting hacked. There was an additional boast that their system was superior in a Tweet which has since been removed;
“DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll. As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on.”
Earlier today the EOSBet team released an official hack statement explaining the situation;
“On September 14th around 3:00AM UTC we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we’re back online.”
It continued to state that EOSBet is strengthening its security practices, ensuring that a similar event does not occur in the future.