EOSBet Casino Gaming Platform Hacked For $240k Due To Smart Contract Vulnerability

EOSBet, a gambling game by EOSBet Casino, suffered a hack that saw over 44,000 EOS tokens stolen, valued at around $240,000 at the time.



It is somewhat ironic that EOSBet got hacked just days after it appeared to mock its competitor DEOS Games.

DEOS Games experienced a malicious exploit in its contract, resulting in the payment of a $1000 jackpot 24 times. It meant the platform lost about $23,640.

In a tweet posted after the vulnerability, DEOS Games said that the exploit provided a “good stress test” and that it had since improved its smart contract security. The platform also emphasized that it will only get better, pointing out that it is still in beta.

EOSBet hacked

On September 14, a hacker under the pseudonym of aabbccddeefg used a fake hash to trick EOSBet’s transfer function. The exploit enabled the hacker to place bets without transferring any EOS tokens to the platform’s smart contract.

The flaw made it possible for the attacker to avoid incurring any losses on losing bets. They were, however, able to withdraw all the winnings.

EOSBet confirmed the hack, telling its Reddit community that the attack had indeed occurred, leading to the loss of 44,427 EOS tokens.

However, the development team managed to take the smart contracts offline, allowing the team to safeguard 463,745 EOS in their EOSBETDICE11 and EOSBETCASINO contracts.

The team further stated that:

“This bug was not minor as was stated previously, and we are still doing forensics and piecing together what happened.”

The platform was able to patch the vulnerability, and EOSBet returned online. However, apart from the hacking issue, the dApp game faced further scrutiny after a gambler won $600,000 last week.

A user played a game of dice for about 36 hours, doubling their bets to increase their winnings. The occurrence raised a few questions, but EOSBet Casino emphasized that it was merely the player’s luck and nothing else.

In a post published on Reddit two days ago, the team said that it takes the issue of security very seriously. It said its code had undergone extensive auditing, both by its development team and by several independent 3rd parties.

It has vowed that the vulnerability exposed through the attack is only going to be used to strengthen its security practices.

Funds moved into cold storage

EOSBet Casino must have realized there could be more attempts to hack it and thus has moved most of the funds from its hot wallet to cold wallet reserves. This is one of the security measures the team has identified going forward.

The development team further stated that storing a majority of the funds in cold storage minimized the chances of suffering massive losses in case another attack occurred.

The firm wrote on Medium, saying:

“Effective now, we’ve moved ~75% of the bankroll (300,000 EOS) out of our hot wallet and into reserves.”

The maximum win percentage is now up from 1% to 4% of the total bankroll, which the gambling platform says is a move aimed at maintaining the maximum bet size. It has also assured all avid players that none of these changes will affect gameplay.

The attacks are indicative of the fact that the EOS network still has weaknesses and dApp developers may need to do more to improve the security of their platforms.

The EOS token has also continued to underperform amid a market-wide price decline over the last several months. EOS/USD traded at over $22 at the end of April, but now sees its market price hovering just above $5.35.
