Literally a minute after I posted my fourth week of dividends, Betdice, MAX and TOB got hacked by the same person. Many people speculated about flaws in the contracts on the gambling dapp side of things, but as it turned out the attacker had discovered a way to exploit EOS nodes.
Transactions that were not yet in an irreversible block could be exploited because of the time it takes for the API node and the block producer (BP) node to sync. The attacker used this gap to place bets but only followed through on the transactions that went in their favor: in short, a bet was only submitted to the BP node if it was a winning one. The attack was not due to a vulnerability at the contract level.
Fortunately the fix was very easy, and BPs and the wider community are working to spread it so that not only the gambling dapps but, in principle, every dapp team implements it.
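To make the mechanism described above concrete, here is a small Python model of a dapp backend that settles bets from what its API node reports while the transaction is still outside an irreversible block, next to a backend that waits for the last irreversible block (LIB). This is an added example, not code from the post or from Betdice, MAX or TOB, and the post does not say what the actual fix was: the irreversibility check modelled here is the usual mitigation for this class of problem and is an assumption of the example. Also assumed, because the post does not say so, is that the bet's outcome depends on the block the transaction lands in, so the API node's speculative result for a pending transaction is not binding. The game rule, block ids, seeds and stakes are all constructed.

```python
"""Toy model of the settlement gap described in the post. Added example, not
code from the post or from any affected dapp. Constructed throughout; assumes
the outcome depends on the including block and that 'settle only from
irreversible blocks' is the mitigation (neither is stated in the post)."""
import hashlib
from dataclasses import dataclass, field

ROLL_UNDER = 49          # constructed game: roll 0..99, player wins if roll < 49
PAYOUT_MULTIPLIER = 2    # constructed: a win pays back twice the stake
LIB_LAG = 2              # constructed: blocks behind head that are still reversible


@dataclass(frozen=True)
class Bet:
    tx_id: str
    seed: bytes
    stake: int           # constructed stake, whole EOS


def block_id(block_num: int) -> bytes:
    """Constructed stand-in for a real block id."""
    return hashlib.sha256(b"toy-block-%d" % block_num).digest()


def is_win(seed: bytes, block_id_bytes: bytes) -> bool:
    """Assumption: the contract derives the roll from the block including the bet,
    so one transaction can be a win in a node's speculative view and a loss on-chain."""
    return hashlib.sha256(seed + block_id_bytes).digest()[0] % 100 < ROLL_UNDER


@dataclass
class Chain:
    """What a node exposes: produced blocks plus head and LIB block numbers.
    Blocks above last_irreversible_block_num may still be replaced."""
    blocks: dict = field(default_factory=dict)   # block_num -> list[Bet]
    head_block_num: int = 0

    @property
    def last_irreversible_block_num(self) -> int:
        return max(0, self.head_block_num - LIB_LAG)

    def produce(self, txs) -> int:
        self.head_block_num += 1
        self.blocks[self.head_block_num] = list(txs)
        return self.head_block_num

    def irreversible_bets(self):
        """Yield (block_num, bet) for every bet already in an irreversible block."""
        for num in sorted(self.blocks):
            if num > self.last_irreversible_block_num:
                break
            for bet in self.blocks[num]:
                yield num, bet


def speculative_result(chain: Chain, bet: Bet) -> bool:
    """What the API node reports before the bet is in any produced block: it
    evaluates the bet against the block it expects to come next."""
    return is_win(bet.seed, block_id(chain.head_block_num + 1))


def attacker_round(chain: Chain, bets):
    """The behaviour the post describes: push every bet to the API node, then
    forward to the producer only those the API node called winners. Losers are
    never sent on, so no stake ever leaves the attacker for them.
    Returns (bets the API node reported as wins, bets actually forwarded)."""
    speculative_wins = [b for b in bets if speculative_result(chain, b)]
    forwarded = list(speculative_wins)
    chain.produce([])            # the block the API node assumed, produced without them
    chain.produce(forwarded)     # the block they really land in (the sync gap)
    for _ in range(LIB_LAG):     # keep producing until that block is irreversible
        chain.produce([])
    return speculative_wins, forwarded


def vulnerable_house_balance(chain: Chain, speculative_wins) -> int:
    """Vulnerable backend: pays out the moment the API node reports a win.
    Stakes only really reach the house once the transfer is irreversible."""
    collected = sum(bet.stake for _, bet in chain.irreversible_bets())
    paid = sum(PAYOUT_MULTIPLIER * bet.stake for bet in speculative_wins)
    return collected - paid


def hardened_house_balance(chain: Chain) -> int:
    """Hardened backend: settles only bets found in blocks at or below the LIB,
    with the outcome recomputed from the block they actually landed in."""
    balance = 0
    for num, bet in chain.irreversible_bets():
        balance += bet.stake
        if is_win(bet.seed, block_id(num)):
            balance -= PAYOUT_MULTIPLIER * bet.stake
    return balance


def demo(num_bets: int = 40):
    """Run one attacker round and return both settlements for the same chain."""
    bets = [Bet(f"tx{i}", f"seed{i}".encode(), 100) for i in range(num_bets)]
    chain = Chain()
    speculative_wins, forwarded = attacker_round(chain, bets)
    return {
        "forwarded": len(forwarded),
        "dropped": len(bets) - len(forwarded),
        "vulnerable_house_balance": vulnerable_house_balance(chain, speculative_wins),
        "hardened_house_balance": hardened_house_balance(chain),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable balance always comes out as minus the total stake that was forwarded: the house pays out for every speculative win and only recoups the stake, whatever the bet actually rolled in the block it landed in, while the dropped losers cost the attacker nothing. The hardened balance only ever pays for a win recomputed from an irreversible block, so it can never be lower than the vulnerable one. On a real nodeos the two numbers the hardened path relies on are the `last_irreversible_block_num` and `head_block_num` fields of `/v1/chain/get_info`, compared against the block number of the transaction the backend is about to settle.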
The total loss for Betdice was around 200,000 EOS, and according to the team they can easily withstand a loss of more than 500,000 EOS. No token holders were affected, and today all the gambling platforms were up and running with dividend payouts at around the same level.
The price of Dice, TOB and MAX fell around 20-30% yesterday; congratulations to anyone who made good trades or was able to buy in.
Keep in mind that EOS is built a little differently than, for example, Bitcoin. The network tries to balance more things, and therefore more things can go wrong. Fortunately this was a small error and something that was very easy to fix. I think we should be thankful that it happened now and not much longer down the road.
And I’m also super glad to see the teams handling this so professionally.
If you liked this, you can also check out some of my other articles on the same topic, linked down below.