Cyber Incident Victim: EOSBet
Date: Oct 2018
Location: United States of America
Summary
Hackers exploited a vulnerability in a blockchain gambling platform's smart contract by injecting malicious code into EOS wallets, tricking the system into crediting attacker accounts with cryptocurrency during transactions. The attackers siphoned approximately $338,000 worth of EOS tokens through rapid fraudulent transfers, marking the second such breach within a month following a prior $200,000 theft. After the incident, developers patched the vulnerability, having previously claimed enhanced security measures and third-party audits following the initial attack.
Description
On October 15, 2018, hackers exploited a vulnerability in the EOSBet decentralized gambling application, resulting in the theft of approximately $338,000 worth of EOS cryptocurrency. Attackers injected malicious code into standard EOS accounts, manipulating the platform’s smart contract to trigger illegitimate fund transfers. This code activated EOSBet’s "transfer" function, causing the system to match every EOS sent by attackers with equal amounts from its operational wallets. Three identified transactions, including one from the account ‘ilovedice123,’ siphoned 65,000 EOS directly to a major cryptocurrency exchange. The theft occurred rapidly, with each transaction granting attackers roughly 500 EOS, draining a significant portion of EOSBet’s holdings in under a minute. This marked the second major security breach within a month, following a separate $200,000 exploit in September 2018. After the earlier incident, EOSBet had claimed its code underwent extensive audits by internal developers and independent third parties while pledging to strengthen security measures.

The attackers’ method involved exploiting smart contract logic to force unauthorized fund matching, bypassing normal operational controls. EOSBet’s team did not immediately disclose the full extent of losses, but a block producer confirmed developers had patched the vulnerability following the breach. The incident highlighted persistent security flaws despite prior assurances of platform safety. No additional technical specifics about the patch or long-term financial impacts were provided in available reports. The theft underscored operational risks in decentralized applications reliant on smart contracts, particularly in gambling ecosystems handling high-value transactions. EOSBet’s repeated breaches within weeks demonstrated ongoing challenges in securing dynamically interacting blockchain components against evolving attack vectors.
