A hacker going online by the pseudonym of “aabbccddeefg” has exploited a vulnerability to steal over 24,400 EOS coins ($125,000) from a blockchain-based betting app.
The game has been running online for a few months, but yesterday, a Reddit user spotted that an EOS user named aabbccddeefg had siphoned a large stack of funds from EOSBet Dice’s shared money pool.
The hacker sent a transaction to the EOSBet main game account that exploited a lack of proper parameter checks, tricking the game into sending back fake earnings.
“Yep, we were hacked,” EOSBet Casino admitted via its official Reddit account. “More details to come. Trying to figure it out ourselves.”
The company pulled the game following the attack.
Another Redditor keeping an eye on the hacker’s account noticed that the hacker wasn’t particularly interested in laundering his money and covering his tracks.
“So this guy hacks EOSBET and what does he do? Play space invaders. I’m not even kidding…,” the user said.
And to put the cherry on top of this whole incident, just a few days earlier, EOSBet had mocked a competitor on Twitter for getting hacked.
“DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll,” EOSBet tweeted. “As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on.”
Well, that’s that!