Hacker Turns $1,000 Into $110,000 Through EOS Exploit

A new exploit on the EOS network has allowed one hacker to win every roll on the gambling dApp EOSPlay. The individual was able to win some $110,000 through an exploit on the network by artificially filling blocks.

EOS is once again falling into controversy as it has recently been revealed that a hacker was able to exploit EOSIO on a gambling dApp, EOSPlay. The tech-savvy individual was able to run off with over 30,000 EOS in earnings. The on-chain transactions are all visible on the block explorer. The attack is reportedly more than people initially expected. This is not just an exploit related to EOSPlay. The hacker is alleged to also be targeting multiple smart contracts to render some dApps unusable and to ‘game them’ for more rewards.

It seems that the scale of the attack is much larger than we originally expected.
These are attacker's accounts:https://t.co/wdeRVVHT4V https://t.co/euC2gEncj7 https://t.co/7mrpdRfGLi https://t.co/Wsl578HVPa https://t.co/I0aTR8OvbQ https://t.co/7ixE6VCoLf https://t.co/1QIOQDfDlw
— Dexaran (@Dexaran) September 13, 2019

As a result of the attack, the EOS network is in ‘congestion mode.’

Staked and Allocated EOS

The dynamics of the attack are difficult to explain to someone not familiar with EOS. Essentially, the attacker had some 900,000 EOS staked and allocated to CPU on EOSIO. The hacker proceeded to exploit EOS’s new ‘Resource Exchange’ (REX), which is a marketplace for the risk-free leasing of CPU and network resources. Through the EOS staked, the attacker was able to ‘congest’ the network, thus throttling transactions. As Dexaran (@Dexaran) explains:

2/ Explanation:

Probably the RNG of attacked gambling DApps could use some transactions or data from earlier blocks as a source of entropy.
It's easier to manipulate "previous blocks" when the network is congested and you are the only one having resources to send transactions.
— Dexaran (@Dexaran) September 14, 2019

The bottom line is that until there’s a fork or a patch, this exploit can easily be used for any EOSIO user who spends more than $1,000 on Resources Exchange. So, the problem goes much deeper than just EOSPlay. In fact, this could affect a whole slew of dApps, likely without people noticing until it’s too late. EOS

How Scalable?

EOS has had a hard time creating a dynamic marketplace for CPU and RAM on its network. As a result, it has struggled with positioning itself as the ‘scalable’ version of Ethereum—an idea which was often touted as a goal. Considering that Block One has some $3 or so billion in its war chest from its year-long ICO, one has to wonder how much of that has been adequately put towards network security. Given recent controversies, it seems not much. Do you believe EOS can quickly patch this issue or does this underscore some fundamental problems with the network? Let us know your thoughts below.

Images are courtesy of Twitter, Shutterstock.

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Anton Lucian

READ FULL BIO

Raised in the U.S, Lucian graduated with a BA in economic history. An accomplished freelance journalist, he specializes in writing about the cryptocurrency space and the digital '4th industrial revolution' we find ourselves in.

READ FULL BIO