betting dapps hacked

Several EOS gambling dapps were attacked on December 18th
according to PeckShield, a tech security company.

A hacker using an address named “panming12345” attacked the EOS gambling game TRUSTBET and transferred 11,501 EOS to his Huobi exchange account. After that, a game called EOS Max suffered a hack as well, with an address “eykkxszdrnnc” attacking the game contract and syphoning 55,526.05 EOS. A third gaming platform called ToBet got hit by an address “kfexzmckuhat” and lost 22,000 EOS as a result.

Finally, the biggest attack of the day was suffered by
BetDice, which lost approximately 200,000 EOS to the hack. BetDice released an
explanation detailing the attack:

“We’d like to provide more details regarding the attack
that took place today.

The attack started at 17:00 UTC, and we noticed the suspicious activity at
17:45 UTC. At 17:55, we executed an emergency game stop, judged the attack to
be a non-contractual issue, and immediately contacted BPs for further
investigation, while also contacting other dapps that were under attack to
alert them.

We submitted our contract to the BPs for review. The conclusion was that our
contract is very safe and did not have any loopholes that could be abused.
At 21:00 UTC, we reached a conclusion and confirmed the nature of
the attack.

The attacker discovered a way to exploit EOS nodes. The transactions not in an
irreversible block could be exploited due to time needed to sync between the
API node and BP node. They used this exploit to place bets, but only asserted
the transactions in their favor. In short, they would only submit the transaction
to the BP node if it was a winning transaction. This attack was not due to a
vulnerability on the contract level.

Since the attacker used many accounts, the actual loss is still undetermined,
but it is estimated that about 200,000 EOS was lost. Although this loss is not
negligible, it does not affect our operation at all. We can easily withstand
more than 500,000 EOS losses, which is still only a small part of our funds.”

The crux of the issue seemingly lies in dApps that used their own node; on
these nodes, transactions were producing side effects before being included in
an “official” block producer block. This allowed an attacker to submit only
winning transactions to BP nodes, while withholding losing ones. It was later
confirmed that this vulnerability was the cause of all the other hacks as well.
A solution was found to avoid further hacking (besides banning the confirmed
hacker accounts from the mainnet): it required dApps to run their own node with
its read mode set to read-only.
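
An added illustration of the defensive side of this issue (not BetDice's or any dapp's own code): a settlement gate that pays out only for bets whose transaction sits in a block at or below the chain's last irreversible block, holds the rest, and voids those that expired without ever reaching one. The `last_irreversible_block_num` and `head_block_num` fields follow the EOSIO `get_info` response; the `PendingBet` type, the `classify_bets` function, the block-number expiry and all sample data are constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PendingBet:
    tx_id: str             # id reported by the dapp's own API node
    expires_at_block: int  # simplification: real EOS expiry is a timestamp


def classify_bets(chain_info, blocks, bets):
    """Decide which bets may be settled.

    chain_info: dict shaped like a get_info response
    blocks:     {block_num: set of tx ids} as seen on the producer chain
    bets:       PendingBet items the dapp has observed
    """
    lib = chain_info["last_irreversible_block_num"]

    # Only transactions in irreversible blocks count as having happened.
    final_txs = set()
    for num, tx_ids in blocks.items():
        if num <= lib:
            final_txs.update(tx_ids)

    result = {"settle": [], "hold": [], "void": []}
    for bet in bets:
        if bet.tx_id in final_txs:
            result["settle"].append(bet.tx_id)
        elif bet.expires_at_block <= lib:
            # Seen by the API node, never finalized, can no longer be included.
            result["void"].append(bet.tx_id)
        else:
            # Unconfirmed or only in a reversible block: produce no payout yet.
            result["hold"].append(bet.tx_id)
    return result


# Constructed sample data.
CHAIN_INFO = {"head_block_num": 1340, "last_irreversible_block_num": 1010}
BLOCKS = {1005: {"tx_aaa"}, 1200: {"tx_ddd"}}  # block 1200 is still reversible
BETS = [
    PendingBet("tx_aaa", 1100),  # finalized in block 1005
    PendingBet("tx_ccc", 1009),  # never reached a block, now expired
    PendingBet("tx_ddd", 1400),  # in a block, but above the irreversible mark
]

if __name__ == "__main__":
    print(classify_bets(CHAIN_INFO, BLOCKS, BETS))
```
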

The attacker
ultimately spread out the stolen funds across thousands of EOS accounts, with
each account storing 60 EOS. This move makes it difficult to track down the
funds and return them to their original owners. Even if it were possible to
track down everything that was stolen, EOS effectively reversing its blockchain
transactions would add further fuel to the fire of the project being too
centralized. These latest blunders represent a continuation of a trend of EOS dApps
having their vulnerabilities exploited, with over 13 different gambling games
getting attacked in the last 30 days.

  • CCID Public Blockchain Ranking Round 8 

CCID, the Chinese Ministry of Industry and Information Technology’s very own
research institute, released the 8th rendition of its increasingly popular
public blockchain technology assessment index.

In this latest release of the CCID Index, EOS managed to retain the no. 1 spot
with a board-best 156 index points. As a reminder, CCID grades cryptocurrency
projects in the areas of Basic Tech, Applicability and Innovation; admittedly,
these all sound rather vague and the ratings are questionable at best, as some
members of the community insinuate that there might be some favoritism involved
in the grading.

Still, the grades
are out and EOS apparently has the best basic tech on the market, with 106.4
points in this bracket. Applicability scores are low across the board, with
Ethereum’s 28.8 making it the most applicable cryptocurrency. Innovation scores
aren’t that high either but interestingly enough Bitcoin runs away in this
category with 36 points.

Overall, the top 10 looks
like this: EOS (156.0), Ethereum (136.5), GXChain (117.4), Komodo (112.7),
Ontology (112.6), NULS (112.2), Nebulas (111.4), BitShares (110.3), NEO
(108.3), and Steem (107.0). The most popular cryptocurrency on the market, Bitcoin,
sits in 18th place with 96 points.

  • Dash adoption in Venezuela grows: 2500
    merchants accepting the currency

Dash and Venezuela
are becoming two synonymous terms as the country recently saw the number of
Dash-accepting merchants rise over 2500. The number can be confirmed by looking
at the Dash merchant listing website DiscoverDash, which currently displays
2534 total merchant listings in the country. Considering that the second nearest
country in terms of merchant distribution is the USA with 530 merchants, Venezuela
is by far the biggest connoisseur of this cryptocurrency/payment solution.

Overall, with the
total number of Dash merchants in the world sitting at around 4500, Venezuela
represents more than 50% of that number. Transaction activity has also
increased, according to Dash Merchant Venezuela’s head Alejandro Echeverría. Daily
transaction counts have increased several times over (currently sitting at
hundreds per day), he said in a recent interview.

“This has been possible thanks to the joint
efforts of all the teams here doing promotion, particularly our activities for
“incentivizing consumption” (stage three of our strategy for adoption) where
merchants do discounts, promotions and we support them on-site. Besides, the
influencer campaign we did on Instagram was very successful and this created
even more awareness,”

Much of the increase
has been linked to the recent take-off of KRIP mobile phones, low-cost
smartphones that come pre-equipped with a variety of Dash apps including a Dash
wallet, Bitrefill gift voucher service, and the Uphold brokerage app. These
phones come alongside paper wallets pre-loaded with small amounts of Dash which
allow the user to more seamlessly integrate into the Dash ecosystem. Reports
suggest that over 66,000 KRIP mobile phones have been sold as of the beginning
of this month, potentially accounting for thousands of new wallets created.

  • NANO Boulton up and running

Nano finally got
around to releasing the v17 (Boulton) update and it brought several interesting
new features with it.

Lazy bootstrapping
has been a long-awaited feature and it has been officially rolled out. Thanks to
this feature, Nano software is now able to intelligently download the ledger,
and thus reduce the time it takes to start participating on the network using
the Nano node. The team already teased further improvement in v18 which should
come with “local account priority”, a feature that’ll cause the nodes to update
much faster after longer periods of inactivity.

Other improvements

  • RPC stability:
    should bring increased performance and stability on RPC calls
  • Reduced
    resource usage: some features of v17 are activated only as other v17 nodes come
    online to talk to one another; this reduces bandwidth and resource usage on

The Nano team has
already begun working on v18 (Dolphin) update and will share more details about
that one in the near future.

The post Nano Boulton upgrade is impressive, EOS dapps are paradise for hackers while DASH and Venezuela love is still strong appeared first on CaptainAltcoin.
