
The attacker has stolen more than 30,000 EOS by loading the network with rented resources by gogabelyaev

An attacker appropriated at least 30,000 EOS, worth over $110,000 at the current exchange rate, from gaming applications on the network by loading it with leased resources.

To carry out the attack, he leased large amounts of CPU and RAM resources on the EOS REX exchange, launched earlier this year. With their help, he was able to prioritize his transactions over those of other users and direct them to attack the EOSPlay contract.

Initially, users assumed that the organizer of the attack had somehow predicted the outcome of the rounds from information available in previous blocks. Later a different explanation emerged, based on filling future blocks with transactions in an overloaded network: "No one knows a random number in advance. The attacker fills the queue with different transactions and then waits for them to reach the block where the outcome of the bet will be determined. If the outcome is negative, it disables the transactions, sending them into an infinite loop and thus preventing them from losing."

One smart contract developer said that not only EOSPlay, but also some other applications that used additional accounts to interact with it, were likely to have been attacked, but the scheme remained the same.

Presumably, the organizer of the attack spent about 300 EOS on renting resources to carry out the plan. As a result, neither the users of the network nor the EOSPlay developers themselves could take action on the network to stop the malicious activity in their contract.

Commenting on the incident, EOS technical director Daniel Larimer noted that protocol vulnerabilities had nothing to do with this attack: attackers can similarly fill Bitcoin and Ethereum blocks with high-fee transactions. He recommended that the EOSPlay developers reduce the CPU requirement for contract termination or rent enough resources to be able to intervene if necessary.
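
Larimer's two recommendations can be checked with a small headroom calculation from the contract operator's side. This is an added example, not code from the post or from EOSPlay; it assumes a simplified model in which a congested network gives each account CPU in proportion to its share of staked or rented weight, and every number in it is constructed.

```python
# Simplified model (an assumption of this example): when the network is
# congested, an account's CPU budget for the accounting window is its share
# of all staked or rented CPU weight times the window's total CPU capacity.
# Every number below is constructed for illustration.

def cpu_budget_us(stake, others_stake, window_capacity_us):
    """Guaranteed CPU microseconds for an account holding `stake`."""
    return window_capacity_us * stake // (stake + others_stake)

def can_intervene(stake, others_stake, window_capacity_us, stop_cost_us):
    """True if the operator can still afford one run of its stop action."""
    return cpu_budget_us(stake, others_stake, window_capacity_us) >= stop_cost_us

def stake_needed(others_stake, window_capacity_us, stop_cost_us):
    """Smallest stake s with capacity * s / (s + others) >= stop_cost."""
    if stop_cost_us >= window_capacity_us:
        raise ValueError("stop action costs more than the whole window")
    # capacity*s >= cost*(s + others)  =>  s >= cost*others / (capacity - cost)
    num = stop_cost_us * others_stake
    den = window_capacity_us - stop_cost_us
    return -(-num // den)  # integer ceiling

if __name__ == "__main__":
    CAP = 1_000_000_000        # window CPU capacity in microseconds (constructed)
    OPERATOR = 50              # operator's CPU weight (constructed)
    OTHERS = 1_000_000         # everyone else's weight before the lease
    LEASED = 30_000_000        # weight added by a large lease
    STOP_COST = 2_000          # CPU cost of the stop action in microseconds

    print("before lease:", can_intervene(OPERATOR, OTHERS, CAP, STOP_COST))
    crowded = OTHERS + LEASED
    print("after lease: ", can_intervene(OPERATOR, crowded, CAP, STOP_COST))
    # Recommendation 1: a cheaper stop action fits the shrunken budget.
    print("cheaper stop:", can_intervene(OPERATOR, crowded, CAP, 1_500))
    # Recommendation 2: hold enough weight to afford the original action.
    print("weight needed:", stake_needed(crowded, CAP, STOP_COST))
```

Running the same check against live figures for total weight and the measured cost of the stop action shows how much margin the operator account has before a large lease can crowd it out.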
Created: 2019-09-16 23:36:57