Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The attacker (panming12345) launched an attack on the EOS quiz game TRUSTBET game contract (trustbetgame), profiting a total of 11,501 EOS, and then transferred the EOS obtained from the attack to the Huobideposit account in two times. The attacker took advantage of the replay attack vulnerability. This is a form of attack that first appeared in the early days of the EOS DApp ecosystem. Due to the serious flaws in the random lottery algorithm designed by the developer, the attacker can use the contract vulnerabilities to draw the lottery repeatedly. Lower-level errors. Attack method (per SlowMist): Replay attack. Reported loss: 11,501 EOS.
- chain
- —
- protocol
- TRUSTBET
- bug_class
- logic
- date_occurred
- 2018-12-19
- loss_usd
- —
- source_id
- sm:trustbet::2018-12-19