Source: Crypto Slate
Ongoing EOSIO exploit allows attacker to steal 30,000 EOS as network freezes
An ongoing exploit on EOSIO is allowing an attacker to win every roll on gambling dApp EOSPlay by paying to fill blocks with their transactions. So far, the attacker stole 30,000 EOS worth over $110,000 while making the network “unusable.”
A clever attacker was able to use REX, an EOS resource exchange for RAM and CPU, to ensure that blocks were filled with their transactions to continuously win on the gambling dApp EOSPlay. This resulted in the EOSIO network “freezing” as thousands of EOS were fed to the attacker’s wallet, as confirmed by another source.
For 300 EOS, worth a little over $1,000, the attacker was able to make away with 30,000 EOS tokens, said Jared Moore to CryptoSlate, an investor in the EOS ICO and an active community member. A look at the on-chain transactions involved confirms the attack.
Until there’s a fork or a patch, the exploit can continue to be abused whenever an EOSIO user spends $1,000 or more on REX, Moore stated.
In contrast with Moore’s statements, Aaron Cox, a software developer and the co-founder of Greymass, claims that the exploit was not an issue with EOSIO or the rental of resources, but a bug in one of EOSPlay’s smart contracts.
“It’s unknown still at this point why they needed to spam the network in order to exploit the contract though,” Cox added.
Until the exploit is resolved users are recommended to trade their EOS for stablecoin to protect their funds.
Information is being added to this story as things unfold.
The post Ongoing EOSIO exploit allows attacker to steal 30,000 EOS as network freezes appeared first on CryptoSlate.