The online gambling industry recently suffered an unexpected blow as hackers successfully stole $200,000 worth of EOS (40,000 EOS) from the operating wallet of EOSBet.
EOSBet is a million-dollar online gambling platform. The hackers managed to orchestrate the theft due to a vulnerability in the smart contract system used by the gambling application. The EOSBet app is based on the EOS blockchain.
The breach first became known thanks to a keen-eyed member of the EOSBet Reddit community. The member, who uses the name “thbourlove” on the online forum, reported the security breach and shared the code that the hackers used to exploit the smart contract vulnerability.
Following this revelation of the exploit code, the official EOSBet Reddit account admitted that the gambling platform had indeed fallen victim to hacking.
Hacking Incident & EOSBet’s Response
EOSBet seemed to indicate that the breach could have deeper ramifications at the time. An interesting aspect of this security breach is the fact that EOS had declared that its gambling application was the safest of its kind.
This was just a few days before the hack. This incident highlights the unpredictable nature of the current cybersecurity landscape.
In response to the security breach, EOSBet developers took the gambling app offline to determine exactly what had happened.
Less than a day after the incident became known to the public, an EOSBet spokesperson officially confirmed the hack and the total amount that the hackers managed to get away with.
Information from the company reveals that the hackers exploited a bug in one of the games on the EOSBet platform.
However, it appears that the vulnerability could be a problem for other games on the gambling platform as well. The EOSBet spokesperson pointed out that the gambling application would be back online relatively fast.
The developers managed to trace the vulnerability to a faulty assertion statement in the application code. Preliminary investigations revealed that other games on the gambling platform were also targeted using the same code.
Details of the Vulnerability Leading to the Hack
The hackers were able to hijack EOSBet’s funds transfer function by forging a fake hash. This way, the attackers tricked the EOSBet system into transferring large amounts of EOS funds illegitimately.
The attackers then sent small amounts of EOS into their account accompanied by some threatening messages.
The perpetrators are operating an account with a name similar to the official EOSBet wallet. One of the messages directs the fake user account to refund the illegally obtained EOS to the EOSBet official account, named “eosbetdicell”, under the threat of legal action.
The fake account then offers a reimbursement service in a bid to make other users believe that EOSBet is reimbursing their customers for stolen funds.
EOSBet has yet to make such an announcement, and its official account is “eosbetdice11”, not the “eosbetdicell” that the scammers are using.
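The two account names above differ only in the digit "1" versus the letter "l". The following is an added example, not code from EOSBet or the original article: a check a wallet or monitoring script could run on the sender of an incoming memo to flag names that collide with a trusted account once look-alike characters are collapsed. The confusable pairs, the function names and the sample sender list are assumptions made for illustration.

```python
import re

# EOS account names: up to 12 characters drawn from a-z, 1-5 and '.'.
EOS_NAME = re.compile(r"^[a-z1-5.]{1,12}$")

# Assumed confusable pairs within that alphabet (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "5": "s", "2": "z"})


def skeleton(name):
    """Collapse visually similar characters to one representative."""
    return name.translate(CONFUSABLES)


def classify(account, trusted):
    """Return 'trusted', 'lookalike:<target>', 'invalid' or 'unknown'."""
    if not EOS_NAME.match(account):
        return "invalid"
    if account in trusted:
        return "trusted"
    skel = skeleton(account)
    for good in sorted(trusted):
        # Same skeleton but a different literal name: likely impersonation.
        if skeleton(good) == skel:
            return "lookalike:" + good
    return "unknown"


# Official account name as given in the article.
TRUSTED = {"eosbetdice11"}

# Constructed sample: senders seen on incoming transfer memos.
SAMPLE_SENDERS = ["eosbetdice11", "eosbetdicell", "eosbetdice1l", "alice1234512"]


def report(senders, trusted=TRUSTED):
    """Map each sender to its verdict."""
    return {s: classify(s, trusted) for s in senders}


if __name__ == "__main__":
    for sender, verdict in report(SAMPLE_SENDERS).items():
        print(f"{sender:<13} {verdict}")
```

A "lookalike" verdict is a reason to display the memo with a warning and the exact trusted name beside it, rather than to block the transfer outright.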
According to the statements issued by EOSBet’s spokesperson, the company is currently in the process of investigating the incident further.