Just in the last four days, two EOS platforms have been hacked which resulted in 44,427.4302 EOS being stolen. The Chinese government rated EOS as the number one cryptocurrency a few months ago. EOS has received praise for its ‘outstanding technical advantages in transaction confirmation efficiency, network throughput, and transaction costs’ of its protocol. However, critics have also pointed out that ‘due to its short online time, the stability of the network remains to be observed’.
The stability of EOS has been brought to task a fair few number of times. RAM resources were stolen from users as hackers were able to gain access to the EOS network owing to vulnerabilities. EOS is essentially a decentralised operating system which acts as host to an ever-increasing number of decentralised apps (dApps). RAM on the other hand is an essential component within the system which allows dApp’s to store data. Although developers are working tirelessly to rid the platform of bugs, owing to the platform being in its infancy, bugs are a recurring menace.
The EOS platform witnessed another attack on the 9th of September. A DEOS Games user seemed to observe what looked at the time like a streak of wins, yielded payments of $1000 multiple times. After depositing 10 EOS, the user won the jackpot 30 seconds later. The official DEOS Games account acknowledged the hack and claimed that it had fixed the bug in a tweet and said, “We are back up and running with EOS game for last 6+ hours. Yesterday, we got a malicious contract exploit our contract. it is a god stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!”
The incidents of hacking didn’t end there as on the 14th of September another EOS betting platform, EOSBetCasino, posted a statement on Reddit announcing that they had been hacked and suffered a major loss because of it.
The Reddit post said, “On September 14th around 3:00 AM UTC, we experienced a hack and breach of our bankroll, resulting in a theft of 44,427.4302 EOS before our contracts were taken offline by the development team. The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have”.
Having exploited their code, the hacker was able to bypass a transfer function which led to them not having to pay when they lost, but cash out when they eventually won. The developers claim that the platform is back online and the remaining fund are safe. According to EOSBet, “We take security very seriously at EOSBet. Our code was audited extensively by our development team and multiple independent 3rd parties. Despite this, there was still a vulnerability in our smart contract. The task moving forward is to strengthen our security practices, ensuring that a similar event does not occur in the future”.