Merely days after claiming to be the safest gambling app on the market, EOS-based gambling dApp EOSBet has been hacked for 40,000 EOS tokens ($200,000). According to the Next Web, the hackers were able to exploit vulnerabilities in EOS’ smart contract protocols. The developers at EOSBet have taken the dApp offline and have announced an ongoing internal investigation.
“A few hours ago, we were attacked, and about 40,000 EOS was taken from our bankroll,” an EOSBet spokesperson informed users. “This bug was not minor as was stated previously, and we are still doing forensics and piecing together what happened.”
The announcement continues:
“[EOSBet] should be back online relatively quickly. We have narrowed down the bug to a faulty assertion statement in our code. After talking with other developers and BPs, it seems like other games were also attacked using this same exact code (abi forwarder.)”
The Next Web reports that the hackers were able to call EOSBet’s ‘transfer’ functionality externally using a fake hash, causing EOSBet’s system to mistakenly transfer tens of thousands of EOS tokens into the hackers’ accounts. The incident was first identified by a Reddit user and has since been corroborated.
Numerous users on the EOS blockchain have sent small amounts of EOS to the hackers’ accounts, with threatening messages attached. Amidst the chaos, several scammers have also jumped into the fray. One scammer, posing as EOSBet’s official account, messaged the hackers with the threat of taking legal action if the funds were not sent to a fake EOSBet account.
The memo roughly reads, “Please refund the illegal income eos, otherwise we will hire a team of lawyers in China to pursue all criminal liability and losses to you. Eosbet official eos account: eosbetdicell.”
This same scammer is promising reimbursement services to EOSBet users. While this may seem legitimate on its face, the official EOSBet account is named ‘eosbetdice11’ (ending in two digit ones), not ‘eosbetdicell’ (ending in two lowercase letter Ls). These sorts of tricks have become increasingly popular among crypto scammers posing as celebrities on Twitter.
The same scammer posted the following memo:
“Dear players: In order to make up for the loss of eosbet players in the hacking incident, the platform launched a recharge to send BET. 1EOS=1BET, the official eos account: eosbetdicell, the transfer will automatically give the same BET.”
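The lookalike account in these memos can be caught mechanically before funds are sent. The following is an added example, not code from EOSBet or the original article: it reduces EOS account names to a "skeleton" in which easily confused characters collapse together, then flags any name in a memo that collides with a trusted account. The confusable table, the function names and the allow-list are assumptions made for the illustration.

```python
import re

# EOS account names use only a-z, 1-5 and '.', up to 12 characters.
EOS_NAME = re.compile(r"^[a-z1-5.]{1,12}$")

# Characters in that alphabet that are easy to misread for one another.
# Constructed for this example; extend it for your own fonts and UI.
CONFUSABLE = str.maketrans({"l": "1", "i": "1", "s": "5", "z": "2"})

# Allow-list of known-good accounts (the official name given in the article).
TRUSTED = {"eosbetdice11"}


def skeleton(name):
    """Collapse visually confusable characters to one representative."""
    return name.translate(CONFUSABLE)


def classify(name, trusted=TRUSTED):
    """Return (verdict, impersonated_account_or_None) for one account name."""
    name = name.strip().lower()
    if not EOS_NAME.match(name):
        return ("invalid", None)
    if name in trusted:
        return ("trusted", name)
    for good in sorted(trusted):
        if skeleton(good) == skeleton(name):
            return ("lookalike", good)
    return ("unknown", None)


def scan_memo(memo, trusted=TRUSTED):
    """List (name, impersonated_account) pairs found in a free-text memo."""
    hits = []
    for token in re.findall(r"[a-z1-5.]+", memo.lower()):
        token = token.strip(".")  # drop sentence punctuation
        verdict, target = classify(token, trusted)
        if verdict == "lookalike":
            hits.append((token, target))
    return hits


# Memo text as quoted in the article.
MEMO = ("Please refund the illegal income eos, otherwise we will hire a team "
        "of lawyers in China to pursue all criminal liability and losses to "
        "you. Eosbet official eos account: eosbetdicell.")

if __name__ == "__main__":
    print(scan_memo(MEMO))
```

A wallet or block explorer could run a check like this on the recipient field and on memo text, warning the user when a name is a near match for an account they have dealt with before.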
This isn’t the first controversy to have taken place on EOSBet. Earlier this week, one user profited over $600,000 on the dApp after repeatedly doubling his money over the course of 36 hours. While this raised some eyebrows, an EOSBet spokesperson stated that there was absolutely no evidence of foul play and that all of the lucky gambler’s $600,000 had been won legitimately.