Decentralized, EOS-based ‘Smart’ Casinos Hacked, Over $250,000 Stolen

Posted on: September 18, 2018, 11:30h. 

Last updated on: September 18, 2018, 07:11h.

EOSBet and DEOSGames, two blockchain-based “smart” casinos, were hacked last week, leading to the theft of more than $250,000 in EOS, the digital currency that powers the EOS.IO blockchain protocol.

Last week’s hacks are likely to have shaken faith in the technology behind edgeless smart casinos, like EOSBet and DEOSGames, which in turn can lead to devaluation of the digital currency that powers them. (Image: PA)

Both gaming platforms are part of a new wave of online casinos that offer a “decentralized,” user-driven gaming experience, using blockchain-based smart contracts to eliminate the overheads of traditional online casinos, allowing them to offer zero house edge.

Instead, “the house” derives its edge (around 0.83 percent, over time) from the mistakes players make when they deviate from the optimal game strategy, as most do.

Smart contracts, meanwhile, offer full transparency and lightning-fast transactions, making this new breed of casino highly attractive to players who have their heads tuned into blockchain technology.

But the hacks of the last few days are likely to have shaken faith in the EOS.IO platform and impacted the value of EOS.

Winner Every Time!

The first attack occurred on September 9th at DEOSGames when a player with the username “runningsnail,” who had registered the same day, went on a run of 24 consecutive wins on the site’s Lucky Dice game, taking the casino for around $24,250.

In this brave new world of transparent smart contracts, the internet had a ringside seat to this statistically unlikely occurrence. A day later, DEOSGames was forced to admit that runningsnail’s smart contract had interacted with its own and had included malicious code that allowed the hacker to win every time.

On Saturday, EOSBetCasino reported in a statement on Reddit that it had been the victim of an attack the previous day, September 14, which had resulted in the theft of $236,000.

EOSBet said the hackers had exploited a flaw in the code that allowed them to freeroll the system: essentially, their stakes were not deposited into the smart contract, but winnings were still received, meaning they were playing for high stakes for free.

“The remaining 463,745 EOS in our EOSBETDICE11 and EOSBETCASINO contracts are safe, the vulnerability is patched, and we are back online. We want to be as transparent as possible in explaining this breach and addressing any concerns the community might have,” the casino assured its customers.

Edge Zero, Stakes ‘High’

If your first reaction to the idea of an “edgeless” casino is, “where’s the catch?” here’s your answer. The concept is real, but the technology is new and therefore susceptible. The website Naked Security had the following to say this week on the problem with smart contracts.

“Unlike with other software, which deals with symbols representing money, the data that they send around the network is actually money,” it wrote.

“When it’s sent, no bank has to follow up and settle it later. It’s gone, whisked off to someone’s anonymous account — whoosh — and you don’t get it back. So, the stakes are high when dealing with security flaws in smart contracts.”