Cyber Threat Actor: aabbccddeefg
| Actor Type | Location | Known Incidents |
Hacker
|
China
|
1 incident |
|---|
Profile
The threat actor is known exclusively by the alias aabbccddeefg and is associated with an operational base in China according to the provided context. This actor has been observed focusing on decentralized gambling applications that run on the EOS blockchain, indicating a sector‑specific interest in online gaming and related smart contract services. The demonstrated motivation in the publicly reported activity is financial gain, as the actor sought to divert cryptocurrency funds from victim platforms rather than pursue espionage, disruption, or other strategic aims. No additional details about the actor’s size, structure, or broader campaign goals are available in the source material.
In September 2018 the actor exploited a faulty assertion statement within the smart contract of the EOSBet gambling dApp, using an abi forwarder vulnerability to withdraw approximately 40,000 EOS, valued at roughly $200,000, from the platform’s operating wallet. After the theft, the project’s developers took the dApp offline to conduct forensic analysis and acknowledged that the breach resulted from a code flaw, noting that similar attacks had targeted other games employing the same exploitable code. Concurrently, the actor deployed accounts that closely mimicked the official EOSBet address—using the name eosbetdicell instead of the legitimate eosbetdice11—to send fraudulent memos to users. One memo threatened legal action, claiming that a team of lawyers in China would be hired to pursue losses unless funds were refunded, while another promised a bogus reimbursement scheme offering BET tokens in exchange for EOS transfers. These messages were accompanied by small token transfers to the attacker’s account, attempting to capitalize on the post‑incident confusion and trick additional victims into sending money.
Public attribution beyond the geographic indicator of China has not been established, and no connections to state sponsors or known criminal consortia have been disclosed in open sources. Developers involved in the incident reported that other EOS‑based games had been attacked using the identical abi forwarder exploit, suggesting a pattern of reuse of this specific technique by the actor. The absence of reported malware families or conventional intrusion tools indicates that the operation relied solely on crafted blockchain transactions and social engineering via memo fields. The EOSBet breach therefore serves as a concrete example of the actor’s capability to identify and exploit faulty assertions in smart contracts for monetary profit, with the observed TTPs appearing repeatedly across multiple targets within the same ecosystem.
