The EOS blockchain is essentially a mechanism for securing users’ data and, by extension, their tokens. Although EOS’ smart contracts, parallel processing, and constitution create a system that is very difficult, if not impossible, to exploit by traditional means, hacks against specific dApps on the EOS blockchain have taken place. So far, gambling dApps have proven the juiciest targets for hackers. Let’s take a brief look at some of these hacks.
EOSBet Hacked at Least Twice
In September 2018, EOSBet lost a whopping 44,427.4302 EOS ($236,000 at the time) from its operating wallet. This was due to an exploit of vulnerabilities in EOSBet’s smart contract. Ironically, this happened only a few days after EOSBet publicly claimed to be the most secure dApp. EOSBet quickly informed its user base about the loss via Reddit.
“Dear EOSBet Community,
On September 14th around 3:00 AM UTC we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have.”
Barely a month after this attack, hackers found another loophole in the EOSBet smart contract. This time, the attacker carted away 65,000 EOS ($338,000).
It appears that the hackers were able to externally call EOSBet’s ‘transfer’ function using a fake hash, tricking the system into sending EOS to the hacker. This was first spotted and shared by a keen-eyed Redditor.
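A contract that pays out in reaction to a ‘transfer’ action has to confirm that the action really is an incoming token transfer. The sketch below is an added example, not EOSBet’s code: it is a plain C++ model without the EOSIO SDK, the `Action` struct and function names are hypothetical, and it goes beyond the single case described above by also checking the payee and the amount.

```cpp
// Added illustration: a plain C++ model (no EOSIO SDK) of the checks a
// contract can apply before treating a "transfer" action as a real deposit.
#include <string>

// Constructed model of what a contract's dispatcher sees for each action.
struct Action {
    std::string receiver;  // account whose code is running (this contract)
    std::string code;      // account the action was actually sent to
    std::string name;      // action name, e.g. "transfer"
    std::string from;      // transfer payer
    std::string to;        // transfer payee
    long long amount;      // quantity in smallest token units
};

const std::string TOKEN_CONTRACT = "eosio.token";  // system token contract

// Weak pattern: trusts any action that is merely named "transfer".
bool naive_accepts_deposit(const Action& a) {
    return a.name == "transfer";
}

// Hardened pattern: returns true only for a genuine incoming deposit.
bool strict_accepts_deposit(const Action& a) {
    if (a.name != "transfer") return false;
    // The action must have been sent to the token contract, not called
    // directly on this contract or on a look-alike token contract.
    if (a.code != TOKEN_CONTRACT) return false;
    // This contract must be the payee; a notification forwarded to it
    // about someone else's transfer is not a deposit.
    if (a.to != a.receiver) return false;
    // Ignore the contract's own outgoing payouts and empty amounts.
    if (a.from == a.receiver || a.amount <= 0) return false;
    return true;
}
```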
There is some speculation that a third EOSBet hack took place, in which an unknown user won $600,000 through a series of consecutive wins, doubling their money with consistent dice rolls over a span of 36 hours. While the incident looks somewhat suspicious, EOSBet has said that its code was not exploited and described the user as simply lucky.
DEOSGames Hacked, with $24,000 Lost
Also in September 2018, a DEOSGames user began depositing 10 EOS and getting a payout worth around $1000 every 30 minutes. This of course looked like an automated hack, as it was repeated over a dozen times and led to the loss of around $24,000.
DEOSGames confirmed the hack via Twitter, stating that the incident was “a good stress test and we got a significant improvement of contract level”.
Take-away: These successful hacks were due to errors in the smart contract code of particular dApps. While some dApps were exploited, there is nothing to suggest that these vulnerabilities represent any critical problem with EOS as a whole. They serve as a reminder for dApp developers to remain security conscious and take care to eliminate any possible loopholes that hackers might exploit. Remember: if it can be hacked, it will be hacked.
Author: Benjamin from Token Valley
Note: The views and opinions expressed in this article are those of the particular author. Token Valley is a dApp discovery platform seeking to bring together the dApp community in a transparent manner that encourages further growth in the space.