The decentralized gambling app EOSPlay was compromised by an attacker, who turned a thousand dollars ($1,000) into one hundred and ten thousand dollars ($110,000) by winning every single roll.
He managed to acquire approximately thirty thousand (30,000) EOS while rendering the network unusable for anyone else.
The attacker accomplished the exploit through an ingenious method of filling the blocks with his own transactions.
All these transactions are visible on the blockchain explorer, which shows the contents of individual blocks, transactions, transaction histories, and the balance of the hacker's address. The hacker continues to exploit applications to extract "rewards."
It seems that the scale of the attack is much larger than we originally expected.
These are attacker's accounts: https://t.co/wdeRVVHT4V https://t.co/euC2gEncj7 https://t.co/7mrpdRfGLi https://t.co/Wsl578HVPa https://t.co/I0aTR8OvbQ https://t.co/7ixE6VCoLf https://t.co/1QIOQDfDlw
— Dexaran (@Dexaran) September 13, 2019
As the EOS dApp remains in "congestion mode," various solutions to these problems are being contemplated. Several explanations of what is happening have been offered, but they may be difficult to follow for anyone unfamiliar with how EOS works.
EOS has launched a marketplace for the exchange of central processing unit (CPU) and network resources, and it is these resources that the hacker exploited.
He has staked and apportioned around nine hundred thousand (900,000) EOS, which he used to obstruct the network by stifling other transactions. Smart-contract developer and security engineer Dexaran (@Dexaran) explains this work of genius on his Twitter account:
Probably the RNG of attacked gambling DApps could use some transactions or data from earlier blocks as a source of entropy.
It's easier to manipulate "previous blocks" when the network is congested and you are the only one having resources to send transactions.
— Dexaran (@Dexaran) September 14, 2019
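The predictability risk Dexaran describes, set beside commit-reveal as one common mitigation, shown as an added example that is not EOSPlay's code and not part of the original article. All function names, the constructed block ID and seeds, and the choice of commit-reveal are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample value, not taken from the EOS chain.
SAMPLE_BLOCK_ID = bytes.fromhex("05f5e100" + "ab" * 28)

def _to_roll(digest: bytes) -> int:
    """Map a 256-bit digest to 0..99 (modulo bias is negligible at this size)."""
    return int.from_bytes(digest, "big") % 100

def weak_roll(prev_block_id: bytes, bet_id: int) -> int:
    """Roll derived only from public chain data: anyone who knows (or shapes)
    the earlier block can compute the result before placing the bet."""
    return _to_roll(hashlib.sha256(prev_block_id + bet_id.to_bytes(8, "big")).digest())

def commit(server_seed: bytes) -> str:
    """Commitment the house publishes before accepting any bet."""
    return hashlib.sha256(server_seed).hexdigest()

def fair_roll(server_seed: bytes, client_seed: bytes, bet_id: int) -> int:
    """Roll keyed by a seed that stays secret until the bet has settled."""
    msg = client_seed + bet_id.to_bytes(8, "big")
    return _to_roll(hmac.new(server_seed, msg, hashlib.sha256).digest())

def verify_roll(commitment: str, server_seed: bytes, client_seed: bytes,
                bet_id: int, claimed: int) -> bool:
    """Player-side audit after the reveal: the seed must match the earlier
    commitment and must reproduce the claimed roll."""
    seed_ok = hmac.compare_digest(commit(server_seed), commitment)
    return seed_ok and fair_roll(server_seed, client_seed, bet_id) == claimed

if __name__ == "__main__":
    # Weak scheme: the "random" roll is a pure function of public inputs.
    print("weak roll, computable by any observer:", weak_roll(SAMPLE_BLOCK_ID, 1))
    # Commit-reveal: constructed seeds; a real house would use secrets.token_bytes.
    seed, client = b"constructed-server-seed", b"constructed-client-seed"
    c = commit(seed)
    roll = fair_roll(seed, client, 1)
    print("fair roll verifies:", verify_roll(c, seed, client, 1, roll))
```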
How did the EOS vulnerability lead to the scam?
In a nutshell, this systematic collapse can only be halted if the situation comes to a fork or if patching is initiated.
Otherwise, as in the past, this crisis will not be restricted to EOSPlay but will spread to innumerable decentralized applications, and will probably come to people's attention only when the milk has already been spilled.
EOS has already struggled to cope with the dynamics necessary to become a functional marketplace for random access memory (RAM) and CPU.
However, with these recent setbacks, it is evident that EOS has not spent enough resources or effort to make the network secure. This might turn out to be a blow to the reputation of EOS, with a negative impact on its future.