Hacked smart contracts on two gaming platforms on the basis of EOS, stealing $260 thousand.
The first incident occurred on September 9 on the platform DEOSGames. The project team confirmed the hacking of your smart contract, calling the attack “a good stress test”.
We are back up and running with EOS game for the last 6+ hours. Yesterday, we got a malicious exploit contract our contract. it is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!
— DEOSGames (@DEOS_Games) September 10, 2018
Second hacked platform was EOSBet. According to the official report on Reddit, the attack happened on September 14, around 3:00 UTC. The hackers gained access to the bankroll of the site and before the developers have disabled these smart contracts, stole more than 44 thousand EOS. The remaining tokens in the contracts EOSBETDICE11 and EOSBETCASINO remained safe. At the moment the vulnerability is fixed, and the platform is available again.
According to the site, the hackers used a flaw in the code that allowed them to bypass the function of esio.token -> transfer. As a result, their funds were not deposited in the smart contract. Therefore, whenever they lost, they didn’t have to pay but if they win, they win real money that could then be cashed.
It is worth noting that could be a third attack a few days before EOSBet issued a statement about the break-in, the platform for 36 hours has paid one of its users $600 thousand edition of the Next Web, this episode seemed suspicious enough to describe it as hacking. However, the team EOSBet stated that no hacking was not and in this case the user just got lucky – he won the jackpot.
Source
