Attacker Exploits EOS Vulnerability to Steal $120,000 in Dapp EOSPlay

477
EOS Founder Dan Larimer: A Major Huge Announcement Is Coming In June
Advertisement
   

Gamblers on EOS gambling dapp EOSPlay are having a bad day. An attacker has hijacked the network to favor him in every roll such that he has consistently won to gain an accumulated 30,000 EOS, equivalent to $120,553 at the time of reporting. He used REX to fill blocks with EOS transactions which allowed him to win continuously.

Filling the blocks made the network “unusable”, as it is frozen so other users were not able to participate. This allowed the attacker to win thousands of EOS with a stake of just 300 EOS. Using REX also increased the cost of running CPUs, which most participants cannot afford and so remain locked out while the system kept rewarding the attacker.

He had 900,000 EOS allocated to CPU which ensured that anyone with a lower stake could not access the network or participate in the gambling process anymore. This was far more than most users could afford in order to gain access. This allowed the attacker to take full charge of the network to steal thousands of EOS.

It seems the attack was worse than just an EOSPlay congestion though. A smart contract developer and creator of ERC-233 said the attacker seemed to explore several different smart contracts on the EOSIO network which is known for smart contract deployment. This may go on for a while, according to an active EOS community member Jared Moore who said the weakness can still be exploited by anyone who stakes 300 EOS or more until the network is forked or patched.

The owners of smart contracts hijacked by the hacker are also unable to stop the process because the network is already congested and because they are not able to stake sufficient EOS to do so.

Advertisement  

This is not the first attack on EOS so far this year. In February, the EOS network was hacked, leading to the loss of $7.7 million worth of EOS. The attacker leveraged a new Block Producer’s failure to update the network’s blacklist of attackers which allowed the attacker to successfully transfer 2.09 million EOS.

The current attack is still ongoing according to reports and users are advised to stay away from EOSPlay until the issue is fixed while other aspects of the network continue to function normally.