
CRYPTO NEWS

Your favorite crypto news blog

How a Crypto Casino Player Won $110,000 With $1,200 Invested Without Even Gambling

Crypto 2019/11/21 02:07 by Michael Grub

A savvy player at a cryptocurrency casino has walked away with a cool $110,000 by exploiting a flaw in the smart contract of a gambling application. The gambling application in question, EOSPlay, is hosted on EOS, a blockchain-based smart contract network. The attacker essentially overloaded the network, which allowed them to generate winnings with zero risk. Literally every roll of the dice was a guaranteed winner!

As reported in the cryptocurrency news publication CryptoSlate, the EOSPlay vulnerability was discovered in mid-September. The attacker used a second EOS application, EOS REX, to facilitate the hack. EOS REX is a computing power lending service: users stake EOS tokens in exchange for RAM and CPU power to use on the EOS network.

By staking more than any other EOS REX user, the attacker was able to fill blocks on the blockchain with their own transactions, thus grinding the network to a halt. With the network impaired, they were able to exploit the EOSPlay gambling application to the tune of $110,000. A developer for EOS REX commented:

“Everyone basically gets locked out unless they have more EOS staked than the attacker.”

In order to lock everyone out, the attacker had to outbid the other users. They staked around 900,000 EOS tokens to achieve this. They also had to make a few other transactions to set up the attack and trick the contract into paying out. This cost them a total of $1,200 at the EOS price at the time.

The report in CryptoSlate states that it would have been very difficult for the developers behind EOSPlay to disable the exploited smart contract. This means that it can still be exploited with just a few thousand dollars staked on EOS REX.

One anonymous developer working on the EOS protocol said at the time that it was possible that other applications on the EOS network were impacted by the flaw in the EOS REX system too.

More recently, a second gambling application hosted on the EOS network fell victim to a similar scam. This time, PeckShield’s DAppShield – a service intended to spot irregularities in blockchain systems – detected that a hacker was able to exploit the application called SKR for around $12,000 worth of EOS. The scary thing is that there may be more exploits in hundreds of real money online casino games.

It is important to note that the EOS network itself was not compromised by either attack, and users' funds held away from the applications involved will definitely not have been impacted by these smart contract flaws. Dan Larimer, an EOS developer, confirmed that the network itself was neither damaged nor compromised by the attack:

“EOS is operating correctly. This is no different than when attackers flood eth or bitcoin with high fee transaction spam. The network didn’t freeze for token holders, there was just no extra bandwidth available for free use.”

However, such incidents serve to remind users of the serious considerations that need to be made with so-called programmable money in the form of smart contracts.

When creating smart contracts, such as those used in gambling applications (and every other decentralised application on blockchain networks like EOS), potential attack vectors increase exponentially with each layer of complexity. The more interest an application attracts (and therefore more money stored in a smart contract), the more appealing it is for an opportunistic hacker to attempt to exploit it. The EOSPlay application is actually one of the most popular decentralised applications on any blockchain network to date. With hundreds of thousands of dollars locked up in its smart contracts, it is little surprise to see it fall victim to such an exploit.

Such exploits are nothing new, and the casino examples here will likely not be the last either. In fact, one of the very first major smart contracts was destroyed through an exploit. In Ethereum’s very early days, an effort at creating a decentralised autonomous organisation (DAO) failed spectacularly, with hackers making off with around $70 million worth of ETH tokens in 2016. This incident actually caused the Ethereum network to hard fork to return investors’ funds. Many argued that such a policy was exactly what blockchain currencies were intended to prevent. Those Ethereum miners and developers supporting that view continued to mine the original chain, which did not include the rollback, and by doing so created what is now known as Ethereum Classic (ETC).


The post How a Crypto Casino Player Won $110,000 With $1,200 Invested Without Even Gambling appeared first on The Merkle Hash.
