Cyber Incident Victim: EOSBet
Date: Sep 2018
Location: China
Summary
A hacker exploited vulnerabilities in the EOSBet gambling platform's smart contracts, specifically a faulty assertion statement, to steal approximately 40,000 EOS (valued at $200,000) from its operating funds. The incident prompted the platform to temporarily suspend operations for forensic analysis, with developers acknowledging the code flaw and noting similar attacks targeting other games using the same exploit. Concurrently, scammers impersonated the platform's official account to send fraudulent messages urging users to transfer funds under false pretenses of reimbursement or compensation, exacerbating the disruption. This breach occurred shortly after the platform had publicly asserted its security and legitimacy following a separate high-value payout to a gambler.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On September 14, 2018, the EOSBet gambling decentralized application (dApp) suffered a security breach resulting in the theft of 40,000 EOS tokens valued at approximately $200,000 from its operational wallet. The attack exploited vulnerabilities in the platform's smart contracts, specifically targeting a faulty assertion statement in the code related to an "abi forwarder" function. This vulnerability was not initially recognized as critical by EOSBet developers, who had publicly promoted the platform as exceptionally secure just days prior to the incident. Following the breach, EOSBet representatives confirmed the theft through official communications, acknowledging the severity of the exploit while forensic analysis remained ongoing. The dApp was immediately taken offline to contain the incident and prevent further unauthorized access.

The breach triggered secondary malicious activity on the EOS blockchain, with scammers impersonating EOSBet's official account ('eosbetdice11') through a similarly named account ('eosbetdicell'). These bad actors sent threatening messages to the attacker's account demanding refunds of "illegal income," while simultaneously attempting to defraud users by promoting fake reimbursement programs tied to BET token exchanges. EOSBet confirmed no such reimbursement initiatives existed at the time. This incident occurred against the backdrop of unusual platform activity earlier that week, when a gambler legitimately won over $600,000 during a 36-hour period – an event EOSBet had vigorously defended as non-exploitative prior to the hack. The platform's developers collaborated with other EOS developers and Block Producers (BPs) to investigate the smart contract vulnerability, which was found to have affected multiple EOS-based gambling applications. No definitive connection was established between the $600,000 payout and the subsequent breach during the initial investigation phase.
