Hacker Exploits Betting Game Vulnerability, Wins $110k

A cybercriminal managed to pocket $110 worth of EOS by taking advantage of weaknesses in the security system of EOSPlay. CoinTelegraph reported that the hacker spent $1,000 to secure his “winnings.”

EOS is a cryptocurrency developed by blockchain company Block.One. A supposed vulnerability in the gambling game enabled the criminal to filch around 30,000 in digital cash. The bug was reportedly exploited through EOS REX, a “major decentralized financial (DeFi) service that allows EOS lending in exchange for extra CPU on the EOS blockchain.”

REX is known to be the most prominent DeFi system. In fact, it holds around 331 million in the cryptocurrency as of this writing.

In a report by CryptoSlate, it was revealed that the attacker exploited REX to reserve and guarantee certain blocks. These blocks were designated for the hacker’s transactions. This is a requirement for winning the bet.

He also had to purchase around $1,200 (300 EOS) to arrange the whole operation. With his continuous wins, he was able to accumulate the amount stolen.

An unnamed source remarked that the incident could have an impact not just on EOSPlay. The source noted that the hacker appears to be using more than one account to “exploit several different smart contracts.”

The attacker also had around 900,000 EOS allocated to CPU. The spam also appears to prevent other holders from using the resource. This may also make it harder for users to disable their contracts.

Block.One CTO Daniel Larimer said that the attack does not have an impact on the currency’s network, said CoinTelegraph. However, the exploit resulted in a “network overload resulting in a lack of extra bandwidth.”

Larimer compared the incident with previous attacks on other cryptocurrencies. According to him, the network remains operational. Moreover, similar things happened with the ETH and BTC currencies when criminals flooded the networks with “high fee transaction spam.”

While Larimer claimed that the attack did not affect the network, users voiced their opinion on the matter. Crypto entrepreneur Jared Moore remarked that the assault “froze the EOS blockchain.”

Moore also noted that he was not able to use the network on DApps and wallets. Another user disputed such claims as the network was still active during the time in which it was supposedly down.

CryptoSlate added that users should avoid EOSPlay until the company fixes the vulnerability.
