Hackers Exploited Flaw In EOSBet Smart Contract To Steal 44,000 EOS

Once again, the crypto world has faced a cyber attack, losing several thousand dollars to hackers. This time, the hackers targeted an EOS gambling app to steal money. Allegedly, they exploited a flaw in the EOSBet smart contract system to pilfer EOS worth $200,000.

Hackers Stole 40,000 EOS By Exploiting EOSBet Smart Contract System

On September 14, 2018, Reddit user u/thbourlove posted in r/eos about a hacking attack on EOSBet. In his post, he laid out the attack procedure he suspected, which exploited a code vulnerability. He also proposed a way to mitigate the flaw.

[Embedded Reddit post: "How EOSBET attacked by aabbccddeefg", from r/eos]

Until then, EOS had not disclosed anything about the breach. After this post, however, they confirmed that their website had suffered a hack.

Later, they uploaded an official statement on Reddit explaining the breach.

[Embedded Reddit post: "EOSBet Transfer Hack Statement", from r/eos]

As explained, the attacker “aabbccddeefg” meddled with the code to exploit the vulnerability and transfer EOS to “self”. He managed to steal 44,427.4302 EOS worth $200,000.

Shortly after noticing the breach, EOS patched the flaw in the code. They also “hardened” their security measures to prevent such occurrences in the future.

About The Attacker’s Account

Out of curiosity, LHN took a look at the attacker’s account “aabbccddeefg” to see the fate of the money he stole. When we first checked the account status, the balance was around 33K EOS. However, while we were writing this article, we observed a continuous transfer of money to another account, “adobesystems”. Consequently, the account balance had dropped to approx. 10,000 EOS when we last checked.

Below we share a snapshot of transactions we saw through this account.

We scratched the surface further, only to reach another account, “binancecleos”, which had a balance of 2,522,159.8248 EOS when we last checked. This account showed a continuous receipt of EOS from various other accounts, including adobesystems.

We are not sure whether there is a larger network of accounts pilfering users’ EOS from various sources, or something else. Let’s wait for more updates regarding the matter. Until then, make sure to keep your crypto assets safe from such breaches.
