EOSBet is a gambling DApp which uses EOS coins. It just got hacked again and lost about $338,000 from its operational wallets to hackers a couple of days ago.
We say that it was hacked again because the first time it happened was on September 14th. People are disappointed because, after the first hack, the platform promised to strengthen security.
The attack brought the platform’s vulnerabilities to the forefront. The users have been notified about the attacks in writing.
The attack has been streamlined to the platform by hackers via a malicious code which tricked the EOS smart contract platform to credit their accounts “by accident” with the token.
The precise value is unknown, but a hacker who goes by the name ‘Ilovedice123’, was able to gather as much as 65,000 EOS and transfer it to a major cryptocurrency exchange.
The vulnerability has been rectified
The vulnerability was eventually rectified after the transactions have been noticed by the development team.
They released a statement in which they advised patrons to check their wallets for duplicate transactions.
“Any contract relying on transfer notifications from eosio.token should add this check immediately: if (transfer.to != _self) return; If you execute business logic on only incoming transfers, but reuse transfer action for both incoming and outgoing transfers, please use: if (transfer.from == _self || transfer.to != _self ) return;” the statement said.
On September 14, hackers had stolen almost 40,000 EOS, worth at least $200,000 at that point.
After the first attack, EOSBet promised to enhance security measures
Now, after this second attack people have started to wonder. The first time EOSBet promised to harden security measures to prevent future attacks.
They said that they had arranged extensive audits and deployed third-party security companies.
More crypto enthusiasts are now correlating the second attack to allegedly illicit transactions that could be taking place on the platform.