Ongoing EOSIO exploit allows attacker to steal 30,000 EOS as network freezes

An ongoing exploit on EOSIO is allowing an attacker to win every roll on gambling dApp EOSPlay by paying to fill blocks with their transactions. So far, the attacker stole 30,000 EOS worth over $110,000 while making the network “unusable.”

A clever attacker was able to use REX, an EOS resource exchange for RAM and CPU, to ensure that blocks were filled with their transactions to continuously win on the gambling dApp EOSPlay. This resulted in the EOSIO network “freezing” as thousands of EOS were fed to the attacker’s wallet, as confirmed by another source.

For 300 EOS, worth a little over $1,000, the attacker was able to make away with 30,000 EOS tokens, said Jared Moore to CryptoSlate, an investor in the EOS ICO and an active community member. A look at on-chain transactions involved confirm the attack.

Transactions showing consecutive wins on EOSPlay

Until there’s a fork or a patch, the exploit can continue to be abused whenever an EOSIO user spends $1,000 or more on REX, Moore stated. 

There’s discussion about getting the EOS Core Arbitration Forum (ECAF) involved to potentially freeze the account or reverse the unscrupulous transactions. This is controversial, however, since “technically he legally obtained” the funds, added Moore. By the rules of the game it seems these transactions are valid from a code-is-law standpoint.

Until the exploit is resolved users are recommended to trade their EOS for stablecoin.

The post Ongoing EOSIO exploit allows attacker to steal 30,000 EOS as network freezes appeared first on CryptoSlate.


Posted

in

,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.