A gaming application on an EOS blockchain has been attacked by hackers again, which led to more than a quarter of a million dollars stolen. Other platform paid one user 600 thousand dollars, who, according to EOSBet, was just lucky.
The first and not very significant cracking occurred on September 9, when a DEOSGames user under the name of runningsnail started to win one thousand dollars ten times in a row. User made a deposit of 10 EOS, and then tore the jackpot every 30 seconds. Although the DEOSGames said, that the smart contract platform had been broken, this story was presented in social networks under the guise of "good stress test".
On the same day EOSBetCasino published an announcement via Reddit, which revealed the nature and scope of smart contract's hacking, that led to loss of large cash amounts.
A hacker used a weakness of code, due to which a esio.token -> transfer function was successfully bypassed. In other words, he didn't make a deposit, but had an opportunity to bet. Losing, a hacker didn't lose his money, and in case of success he recieved real money, that could be cashed out later. Thus he won about 260 thousand dollars.
An announcement also stated:
"We are extremely serious about security on EOSBet. Our code has undergone a thorough scrutiny by a team of developers and several memebers of independent third parties."
Some Reddit users praised the team for disclosure of an incident's circumstances, and the other part openly ridiculed skills of developers and third party auditors.
In addition, another EOSBet user recently became the owner of 600 thousand dollars after participating in a series of consecutive wins. For 36 hours he had been repeatedly doubling his bets during the craps game. Despite an incident's suspiciousness, EOSBet representatives stated, that there had been no hacking code - a user just happened to be an extremely lucky person.