Cyber Threat Actor: runningsnail
| Actor Type | Location | Known Incidents |
Criminal
|
China
|
1 incident |
|---|
Profile
The threat actor known by the alias runningsnail has been observed operating from China, according to the limited location information available in open sources. The actor’s activity has been confined to the sector of decentralized applications built on the EOS blockchain, specifically those offering gambling or betting services. Observed behavior indicates a primary strategic objective of financial gain, achieved by exploiting weaknesses in smart contract code to withdraw funds far exceeding the initial stake.
In the September 2018 incident targeting the DEOSGames platform, runningsnail created a fresh EOS account less than a day before depositing 339 EOS, valued at approximately $1,695. By interacting with a vulnerable smart contract, the actor triggered the platform’s jackpot payout twenty‑four times within an hour, resulting in a withdrawal of 4,728 EOS, worth about $23,640. The actor retained the majority of the proceeds and subsequently began testing other EOS‑based betting dApps, suggesting a pattern of seeking additional soft targets within the same ecosystem. No malware families, custom tools, or initial‑access vectors beyond the contract exploit were described in the reporting.
Public attribution does not extend beyond the alias and the tentative geographic link to China; no state sponsorship, criminal consortium, or broader affiliations have been identified in the available material. The DEOSGames exploit stands as the most clearly documented operation linked to runningsnail, representing a representative example of the actor’s focus on exploiting smart‑contract weaknesses for monetary profit. While the reporting notes that similar vulnerabilities have been exploited in other EOS betting platforms such as EOSBet.io, those events are not directly tied to runningsnail and are mentioned only to contextualize the broader threat landscape affecting EOS‑based gambling applications.
