- EOS betting dapps hacked
Several EOS gambling dapps were attacked on December 18th according to PeckShield, a tech security company.
A hacker using an address named “panming12345” attacked the EOS gambling game TRUSTBET and transferred 11,501 EOS to his Huobi exchange account. After that, a game called EOS Max suffered a hack as well, with an address “eykkxszdrnnc” attacking the game contract and syphoning 55,526.05 EOS. Third gaming platform called ToBet got hit by an address “kfexzmckuhat” and lost 22,000 EOS as a result.
Finally, the biggest attack of the day was suffered by BetDice, which lost approximately 200,000 EOS to the hack. BetDice released an explanation detailing the attack:
“We’d like to provide more details regarding the attack
that took place today.
The attack started at 17:00 UTC, and we noticed the suspicious activity at 17:45 UTC. At 17:55, we executed an emergency game stop, judged the attack to be a non-contractual issue, and immediately contacted BPs for further investigation, while also contacting other dapps that were under attack to alert them.
We submitted our contract to the BPs for review. The conclusion was that our contract is very safe and did not have any loopholes that could be abused.At 21:00 UTC, we reached a conclusion and confirmed the nature of the attack.
The attacker discovered a way to exploit EOS nodes. The transactions not in an irreversible block could be exploited due to time needed to sync between the API node and BP node. They used this exploit to place bets, but only asserted the transactions in their favor. In short, they would only submit the transaction to the BP node if it was a winning transaction. This attack was not due to a vulnerability on the contract level.
Since the attacker used many accounts, the actual loss is still undetermined, but it is estimated that about 200,000 EOS was lost. Although this loss is not negligible, it does not affect our operation at all. We can easily withstand more than 500,000 EOS losses, which is still only a small part of our funds.”
The crux of the issue seemingly lies in dApps that used their own node; these nodes were producing side effects before being included in an “official” block producer block. This allowed an attacker to only submit winning transactions to BP nodes, without losing transactions. It was later confirmed that this vulnerability was the cause of all the other hacks as well. A solution was found to avoid further hacking (besides banning the confirmed hacker accounts from the mainnet) and it required for dAapps to run their own node that had its read mode set to read only.
The attacker ultimately spread out the stolen funds across thousands of EOS accounts, with each account storing 60 EOS. This move makes it difficult to track down the funds and return them to their original owners. Even if it were possible to track down everything that was stolen, EOS effectively reversing its blockchain transactions will add further fuel to the fire of the project being too centralized. These latest blunders represent a continuation of a trend of EOS dApps having their vulnerabilities exploited, with over 13 different gambling games getting attacked in the last 30 days.
- CCID Public Blockchain Ranking Round 8 released
Chinese Ministries of Industry and Information Technology very own research institute CCID released the 8th rendition of its growingly popular public blockchain technology assessment index.
In this latest release of the CCID Index, EOS managed to retain the spot no.1 with board best 156 index points to it. As a reminder, CCID grades cryptocurrency projects in the areas of Basic Tech, Applicability and Innovation; admittedly, these all sound rather vague and the ratings are questionable at best, as some members of the community insinuate that there might be some favoritism involved in the grading process.
Still, the grades are out and EOS apparently has the best basic tech on the market, with 106.4 points in this bracket. Applicability scores are low across the board, with Ethereum’s 28.8 making it the most applicable cryptocurrency. Innovation scores aren’t that high either but interestingly enough Bitcoin runs away in this category with 36 points.
Overall, the top 10 looks like this: EOS (156.0), Ethereum (136.5), GXChain (117.4), Komodo (112.7), Ontology (112.6), NULS (112.2), Nebulas (111.4), BitShares (110.3), NEO (108.3), and Steem (107.0). The most popular cryptocurrency on the market, Bitcoin, sits on the 18th spot with 96 points.
- Dash adoption in Venezuela grows: 2500 merchants accepting the currency
Dash and Venezuela are becoming two synonymous terms as the country recently saw the number of Dash-accepting merchants rise over 2500. The number can be confirmed by looking at the Dash merchant listing website DiscoverDash, which currently displays 2534 total merchant listing in the country. Considering that the second nearest country in terms of merchant distribution is USA with 530 merchants, Venezuela is by far the biggest connoisseur of this cryptocurrency/payment solution.
Overall, with the total number of Dash merchants in the world sitting at around 4500, Venezuela represents more than 50% of that number. Transaction activity has also increased, according to Dash Merchant Venezuela’s head Alejandro Echeverría. Daily transaction counts have increased several times over (currently sitting at hundreds per day), he said in a recent interview.
“This has been possible thanks to the joint efforts of all the teams here doing promotion, particularly our activities for “incentivizing consumption” (stage three of our strategy for adoption) where merchants do discounts, promotions and we support them on-site. Besides, the influencer campaign we did on Instagram was very successful and this created even more awareness,” he added.
Much of the increase has been linked to the recent take-off of KRIP mobile phones, low-cost smartphones that come pre-equipped with a variety of Dash apps including a Dash wallet, Bitrefill gift voucher service, and the Uphold brokerage app. These phones come alongside paper wallets pre-loaded with small amounts of Dash which allow the user to more seamlessly integrate into the Dash ecosystem. Reports suggest that over 66,000 KRIP mobile phones have been sold as of the beginning of this month, potentially accounting for thousands of new wallets created.
- NANO Boulton up and running
Nano finally got around to releasing the v17 (Boulton) update and it brought several interesting new features with it.
Lazy bootstrapping has been a long awaited one and it has been officially rolled out. Thanks to this feature, Nano software is now able to intelligently download the ledger, and thus reduce the time it takes to start participating on the network using the Nano node. The team already teased further improvement in v18 which should come with “local account priority”, a feature that’ll cause the nodes to update much faster after longer periods of inactivity.
Other improvements include:
- RPC stability: should bring increased performance and stability on RPC calls
- Reduced resource usage: some features of v17 are activated only as other v17 nodes come online to talk to one another; this reduces bandwidth and resource usage on nodes
Nano team has already begun working on v18 (Dolphin) update and will share more details about that one in the near future.