200K EOS HACK!!!

in #eos6 years ago

200k EOS Stollen From Popular EOS DAPP BETDICE.ONE

image.png

This is huge new. But it's like media silence is taking over!!

EOSs #1 Gambling DAPP and possibly every other DAPP on the EOS Block chain susceptible to the same attack!!

Here is the official Message posted by the Admin Shae Over at DICE from the Telegram!

image.png

Shae, [18.12.18 19:13]
We’d like to provide more details regarding the attack that took place today.

The attack started at 17:00 UTC, and we noticed the suspicious activity at 17:45 UTC. At 17:55, we executed an emergency game stop, judged the attack to be a non-contractual issue, and immediately contacted BPs for further investigation, while also contacting other dapps that were under attack to alert them.

We submitted our contract to the BPs for review. The conclusion was that our contract is very safe and did not have any loopholes that could be abused.

At 21:00 UTC, we reached a conclusion and confirmed the nature of the attack.

The attacker discovered a way to exploit EOS nodes. The transactions not in an irreversible block could be exploited due to time needed to sync between the API node and BP node. They used this exploit to place bets, but only asserted the transactions in their favor. In short, they would only submit the transaction to the BP node if it was a winning transaction. This attack was not due to a vulnerability on the contract level.

Since the attacker used many accounts, the actual loss is still undetermined, but it is estimated that about 200,000 EOS was lost. Although this loss is not negligible, it does not affect our operation at all. We can easily withstand more than 500,000 EOS losses, which is still only a small part of our funds.

Also, since our payout to staked DICE holders is calculated based on the theoretical house edge, this attack did not effect the payout.

In regards to the details of the attack method, we do not feel it is best for this to be disclosed. This attack method can be applied to most applications. We have been in contact with other teams to confirm they are aware of this issue and to confirm their security.

Our service is back online now and the issue is fixed. We have already implemented the suggestions from the BPs and B1, so the issue should now be resolved.

We appreciate the patience and understanding our community has demonstrated through this ordeal, and are particularly grateful to EOSCafe, LibertyBlock and BlockOne for their help in investigating this attack.

This attack will not hinder our growth in any way, but will only make us stronger.


THIS IS GREAT NEWS

A company was HACKED!!
They fixed the problem in a very fast time frame!!
They provided assistance to other DAPP Devs to secure their DAPPS!!
NONE!! NONE!! of the users OR investors lost a single cent!!
The company was well funded enough that a loss of 200k doesn't effect operations!!

This is great news. Tell me what your thoughts are on this. Why isn't more people talking about this.
Am I the only one who sees a positive in this! Tell me what you think in the comments down below.

By the way if you would like to try out your luck and see if you can get you hands on some of them sweet sweet dividends use my referral link! It goes to help bring more content like this to your Steem feed!

https://betdice.one/?ref=eosbabywhale

Sort:  

Congratulations @vanityplates! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :

You received more than 15000 upvotes. Your next target is to reach 20000 upvotes.

Click here to view your Board of Honor
If you no longer want to receive notifications, reply to this comment with the word STOP

Support SteemitBoard's project! Vote for its witness and get one more award!