Every blockchain and cryptocurrency ecosystem will go through its own set of growing pains. That is par for the course, as no technology works perfectly out of the box. In the case of EOS, its gambling dApps have proven to be extremely popular. Unfortunately, it seems at least three of them have been hacked recently by exploiting EOS nodes.
The EOS Attack Which Surprised Everyone
It is not uncommon for criminals to look for weaknesses in altcoins or even Bitcoin. Any potential flaw or weakness will be exploited sooner or later. How successful such a venture ends up being will usually vary quite a bit. In the case of the EOS gambling dApps getting attacked, the total damage seemingly adds up to 200,000 EOS being stolen without recourse.
To put this in perspective, the attack itself was facilitated by exploiting several EOS nodes. In doing so, the attackers succeeded in exploiting transactions which are not yet part of an irreversible block. There is a time delay in the synchronization of API nodes and BP nodes. While that would usually not cause any real problems, it seemingly allows hackers to exploit this discrepancy to their heart’s content. As such, stealing funds becomes one of the possible outcomes.
During this time delay, the attackers successfully placed bets and asserted the transactions in their favor. It is something that could have been exploited a lot sooner, yet it is also something that does not affect all EOS gambling dApps at this time. The most popular one, known as EOSbet, is not affected by this most recent development. Instead, some of the smaller applications are involved, although they still process a ton of funds every single day.
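One way a dApp backend can guard against the reversible-transaction window described above is to pay out only once a bet's block is at or below the last irreversible block. The sketch below is an added example, not code from any of the affected dApps; `head_block_num` and `last_irreversible_block_num` are fields of the EOSIO chain API `get_info` response, while the helper names, block numbers and transaction ids are constructed for illustration.

```python
# Added example: hold bets until their block is irreversible before paying out.
# head_block_num / last_irreversible_block_num are fields of the EOSIO chain
# API get_info response; all values and helper names below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Bet:
    tx_id: str
    block_num: int   # block in which an API node first reported the bet
    payout: int      # amount owed if the bet stands, in whole EOS


def classify_bets(bets, chain_info, irreversible_tx_ids):
    """Split bets into settle / wait / void using the last irreversible block.

    irreversible_tx_ids: tx ids the backend re-read from blocks at or below
    the LIB (assumed to come from a node the operator controls).
    """
    lib = chain_info["last_irreversible_block_num"]
    out = {"settle": [], "wait": [], "void": []}
    for bet in bets:
        if bet.block_num > lib:
            # Still reversible: a node has seen it, the chain has not finalised it.
            out["wait"].append(bet.tx_id)
        elif bet.tx_id in irreversible_tx_ids:
            out["settle"].append(bet.tx_id)
        else:
            # Block is final but the transaction is not in it: it was dropped.
            out["void"].append(bet.tx_id)
    return out


def exposure(bets, chain_info):
    """Total payout that would be at risk if reversible bets were paid now."""
    lib = chain_info["last_irreversible_block_num"]
    return sum(b.payout for b in bets if b.block_num > lib)


# Constructed sample data.
CHAIN_INFO = {"head_block_num": 1000350, "last_irreversible_block_num": 1000020}
BETS = [
    Bet("tx-a", 1000010, 50),    # final and present
    Bet("tx-b", 1000015, 400),   # reported, then never made it into a final block
    Bet("tx-c", 1000340, 900),   # inside the reversible window
]
FINAL_TX_IDS = {"tx-a"}

if __name__ == "__main__":
    print(classify_bets(BETS, CHAIN_INFO, FINAL_TX_IDS))
    print("reversible exposure:", exposure(BETS, CHAIN_INFO))
```

The gap between `head_block_num` and `last_irreversible_block_num` is the window in which a node can report a transaction that never becomes final, so the `exposure` figure is worth alerting on when it grows.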
It is important to note this EOS gambling dApp attack has nothing to do with an actual vulnerability on the smart contract level. Instead, the developers are trying to unravel the inner workings of this attack to ensure something like this will not happen again. Knowing there is no security issue within the associated smart contracts is a positive sign first and foremost.
It is commendable to see all parties involved be so transparent about what exactly has happened. It seems the ToBet dApp developers will carry the burden of these financial losses on their own, even though a 22,000 EOS deficit is not something to be shrugged off that easily. BetDice and EOSMax have not issued an official statement at the time of writing, although it is expected they will take a very similar course of action.
When incidents like these occur, there will always be some mudslinging to contend with. Some will see this as an example of how immature EOS is. Others will commend the involved parties for their transparency and approach to handling these losses. In most cases, an attack like this helps strengthen the ecosystem in question. As such, it seems likely EOS will come out stronger as well. Ensuring these attacks cannot happen again, however, may prove to be somewhat challenging.