Over the last four days, two EOS betting platforms have fallen victim to hackers who managed to get away with a total of $260,000.
The first hack took place on the DEOSGames platform on September 10th and the second a few days later on September 14th on EOSBet. The initial hack saw the sum of $24,000 stolen, while the second was more significant with the firm losing the equivalent of $236,000 in EOS.
Coincidentally during the same week, EOSBet also made a large payout of $600,000, which critics believe could even be the work of a third hack. However, the company insists that this particular incident was just pure luck.
DEOSGames left $24,000 out of pocket
Following these cleverly orchestrated attacks, which exploited a weakness in the platform’s smart contract, the company tweeted the following day to confirm that the service was back up and running.
In perhaps a pragmatic response to the incident, DEOSGames said that “it was a good stress test” and that it resulted in improvements in the contract level they are using. The platform also reminded users that it is in a beta test phase, implying that such breaches were to be expected during the testing period.
The hacker successfully won a series of $1,000 payments by depositing 10 EOS before going on to win the jackpot less than a minute later in a suspiciously automated style. There was some downtime on the platform for a period after the hack was detected, but users were able to rejoin promptly once the issue was discovered.
A higher bill to pay for EOSBet
On September 14th, EOSBet’s bankroll was hacked, and 44,427.4302 EOS were stolen from the online casino. The company took to Reddit to release a statement addressing the breach, in which it gave further information about the amount taken and how it was accessed. The platform stressed that its developers had discovered the violation and taken its contracts offline as a result.
By the time the statement was published, the service was up and running again. The hacker took advantage of a flaw in the code that allowed them to bypass a crucial security function, which resulted in the player being able to bet risk-free but retain any winnings.
The company’s development team then shared the section of code that was vulnerable and detailed the changes that were made and why they took that decision.
While most users respected the company’s transparency in the face of the hack, others were not impressed by the skills of its development team and the third-party auditors who were responsible for reviewing the code initially.
Further suspicious activity
The Next Web has reported a third possible hack, although EOSBet has disputed that the activity was suspicious. The player accumulated $600,000 of winnings over a 36-hour period. EOSBet has claimed the winnings were purely down to the user’s good luck, but the incident is currently under investigation.
In light of the criticism the company faced following its first hack earlier this week, if this activity is proven to be of a suspicious nature then it could result in a difficult situation for the platform’s security standing, let alone the damage it could cause to EOSBet’s image.
The current flurry of hacks has highlighted how important it is for cryptocurrency gambling platforms to ensure that their code is as secure as possible, not only to limit the losses directly caused by hacking but also to prevent the negative publicity that comes with such incidents.