Attackers exploited a vulnerability in the smart contract code.
EOSBet, a large gaming platform on the EOS blockchain that its developers position as “the most reliable application of its kind,” fell victim to a cyberattack in which criminals stole 40,000 EOS (about $200,000) from its wallet.
According to a company representative, the attackers exploited a vulnerability in the smart contract code. The Next Web notes that the criminals apparently used a fake hash for an external call to the transfer function and thereby forced the EOSBet system to send huge amounts of coins.
Small amounts of EOS were sent to the attacker’s wallet (aabbccddeefg), along with messages threatening criminal proceedings if the illegally obtained funds were not returned. The notifications came from an account (eosbetdicell) whose name closely resembles that of the official EOSBet account (the real EOSBet account on EOS is eosbetdice11). The owner of the fake account then sent messages to users who had left comments under the attacker’s wallet, offering, on behalf of EOSBet, to recover the stolen funds. Note that at the time of writing the company had made no such statements.
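The two account names above differ only in characters that look alike, which a wallet or block explorer can flag automatically. The following is an added example, not code from EOSBet or the original article; the confusable-character map and the function names are assumptions made for illustration.

```python
import re

# EOS account names use only a-z, 1-5 and '.', up to 12 characters.
EOS_NAME = re.compile(r"[a-z1-5.]{1,12}")

# Assumed map of visually similar characters inside the EOS alphabet
# (constructed for this example, not an official list).
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "5": "s", "2": "z"})


def skeleton(name):
    """Collapse look-alike characters so visually similar names compare equal."""
    if not EOS_NAME.fullmatch(name):
        raise ValueError(f"not a valid EOS account name: {name!r}")
    return name.translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, official):
    """Label a sender account relative to a known official account."""
    if candidate == official:
        return "official"
    s_cand, s_off = skeleton(candidate), skeleton(official)
    if s_cand == s_off:
        return "confusable"   # same appearance, different account
    if edit_distance(s_cand, s_off) <= 1:
        return "near"         # one character away after normalisation
    return "unrelated"


if __name__ == "__main__":
    official = "eosbetdice11"  # official account named in the article
    for sender in ("eosbetdice11", "eosbetdicell", "aabbccddeefg"):
        print(sender, "->", classify(sender, official))
```

A client that holds a list of verified accounts can run this check on every incoming memo sender and warn on anything labelled `confusable` or `near`.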
EOSBet has suspended the platform until the causes of the incident are established.