EOS Bet hacked yet again

What is EOS?

EOS was released on the 31st of January 2018. There have been a lot of misconceptions or confusions about EOS. EOS is a platform for decentralized applications mainly focused towards developers. It allows developers to develop various types of decentralized apps with ease and convenience. A decentralized app is an app which has no central authority.

In simple words, EOS is just like an operating system for blockchain. For example in the case of a PC, the operating system required is Windows and in the case of blockchain EOS is the open source operating system which will benefit the most from blockchain. As I mentioned, earlier EOS has been confused many times, and often it’s compared to the cryptocurrency Ethereum.

In the case of Etherum, the developer first has to write the application then he/she has to put the app on machine code in order to run the app on an Etherum network. EOS tries to make the process a little more convenient for the developers by having the decentralized apps in readable machine code on the EOS network.

Moreover, you don’t require to initiate a smart contract in order to interact with the EOS’s decentralized applications. This also means that users do not have to pay any money. As reported by Theoofy EOS shouldn’t be ignored.

EOS Price Today – EOS / USD

Name Price24H (%)
Bitcoin (BTC)
$7,261.61
0.68%
EOS (EOS)
$2.63
1.65%

EOS Bet; An EOS based decentralized app hacked

EOS Bet is a casual dice rolling game, where you simply roll the dice. After you have rolled the dice you either win or lose, and the transaction happens immediately. When talking about security EOS Bet uses the novel randomness generation technique to generate a unique id in the smart contract.

The id is signed with a secret key by EOS Bet’s servers, and the signature is sent back to the smart contract, and it isn’t verified until the bet has occurred. Although the top dice rolling game firm has claimed to be the “safest of its kind” it seems there are not one but multiple loopholes in the platform which has resulted in numerous hacks.

Just over a month ago, EOS Bet was the victim of a terrible hack due to a vulnerability or an error in the code of the platform which resulted in the loss of over 40,000 EOS token or $200,000 worth of EOS coins. And on the 17th of October way after the developers had claimed that it is the “safest of its kind” platform, EOS Bet got attacked due to yet another vulnerability in the code.

Regarding the first hack the first statement by a spokesman after the attack stated that it was a “minor incident”, later the spokesman stated, “A few hours ago, we were attacked, and about 40,000 EOS was taken from our bankroll, this bug was not minor as stated previously, and we are still doing forensics and piecing together what happened.”

The second hack which occurred on the 17th of October resulted in the loss of over 65,000 EOS tokens which is worth roughly $338,000. The platform was taken off the internet for a few hours in order to “figure out exactly what happened” and after a while the big which caused the “faulty assertion statement.” was identified.

The firm claims that the code has been audited by not only many developers but also by “multiple independent third parties.” One of the executives of EOS Bet said that the firm promises to “harden” the security of the platform in order to avoid such hacks in the future. Hackers had found a vulnerability in the transfer part of the code which they exploited and transferred the coin into their accounts.

The hackers apparently uploaded a malicious file into the EOS wallet; as a result, the transfer function got activated immediately. Regarding the second hack, an executive said “Vulnerability has been discovered in multiple contracts using notification from other contracts. All parameters from notification need to be explicitly checked as checking only contract name, and action name is not sufficient.”

 

Disclaimer: The information on this site is provided for discussion purposes only, and should not be misconstrued as investment advice. Under no circumstances does this information represent a recommendation to buy or sell securities.