An unknown hacker has obtained 30,000 EOS worth over $110,000 by exploiting gambling
The ongoing exploit on EOSIO lets the hacker win every roll on the gambling dApp EOSPlay by paying to fill blocks with their own transactions.
The hacker used REX, an EOS resource exchange for RAM and CPU, to ensure that blocks were filled with their transactions and so win on the gambling dApp constantly. This led to the EOSIO network freezing while a large number of EOS were transferred into the hacker’s wallet. In other words, the attacker was able to manipulate winning conditions in gambling dApps.
The attacker initially rented an enormous amount of CPU and NET at EOS’s REX resource exchange. The hacker had approximately 900,000 EOS staked and allocated to the CPU. After the network was congested, the hacker launched a number of contracts to the gambling dApp. Clearly, the attacker was capable of manipulating winning conditions since the application relied on transactions to establish such winning conditions.
The attacker spent roughly $1,200 in EOS (300 EOS) to set up the attack, which included several subsequent transactions denoting successive wins on the EOS decentralized application.
EOS REX is the largest DeFi platform, with 331 million in EOS placed on the platform.
The congestion meant that only the attacker and the targeted application had enough CPU to function. This hindered developers from stopping the attack as soon as it was detected.
The creator of the ERC-233 token said that the attack could have affected more than just
Until there is a fork or a patch, the exploit may continue to be misused any time an EOSIO user spends $1,000 or more on REX.
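A monitoring sketch for the pattern described above, in which one account fills consecutive blocks with its own transactions. This is an added example, not code from EOSIO or EOSPlay; the block records, account names and thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample: (block number, sender account of each transaction in the block).
# Account names are made up for illustration.
SAMPLE_BLOCKS = [
    (100, ["alice", "bob", "carol", "dave"]),
    (101, ["bob", "stuffer", "alice"]),
    (102, ["stuffer"] * 9 + ["dicegame"]),
    (103, ["stuffer"] * 10),
    (104, ["stuffer"] * 8 + ["dicegame", "stuffer"]),
    (105, ["stuffer"] * 9 + ["alice"]),
    (106, ["alice", "bob", "stuffer"]),
]

def dominant_sender(senders):
    """Return (account, share) for the account with the most transactions in a block."""
    if not senders:
        return None, 0.0
    account, count = Counter(senders).most_common(1)[0]
    return account, count / len(senders)

def find_stuffing_runs(blocks, min_share=0.8, min_run=3):
    """Flag runs of >= min_run consecutive blocks dominated by the same account.

    Returns a list of (account, first_block, last_block) tuples.
    """
    runs = []
    current, start, prev, length = None, None, None, 0

    def close():
        # Record the run that just ended, if it was long enough to matter.
        if current is not None and length >= min_run:
            runs.append((current, start, prev))

    for number, senders in blocks:
        account, share = dominant_sender(senders)
        dominated = account if share >= min_share else None
        contiguous = prev is not None and number == prev + 1
        if dominated is not None and dominated == current and contiguous:
            length += 1
        else:
            close()
            current, start, length = dominated, number, 1 if dominated else 0
        prev = number
    close()
    return runs
```

On the constructed sample, the account `stuffer` is flagged for blocks 102 through 105; an operator would correlate such a run with payouts from the affected dApp over the same block range.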