Smart contracts can be viewed as a blessing for automation of tasks in the blockchain, but if taken lightly and written with little knowledge of the importance that a tool like it should have, it could be manipulated and exploited very easily.
This is what happened in this occasion when a hacker identified as Runningsnail (a quite improbable nickname) manipulated the smart contracts system to steal more than $20,000 in EOS cryptocurrency, as reported by Sophos Naked Security website.
EOS, in contrast with p2p cryptocurrency like Bitcoin Cash that has no smart contracts directly embedded, serves to run distributed programs scattered in the blockchain. This platform claims to be able to do many various things, and that is what purportedly gives Ethereum and EOS their “versatility”. In this case, the program being executed was none other than an online casino featuring different games from a company named DEOS Games.
Our unsung thief, Runningsnail managed to exploit and hack the bet and game mechanism to convince the platform that he had won every single time he played. This happened for a long time till the alarms rang for DEOS Games that assumed it as a stress test for its platform and reminded users that they were still in beta stages.
Despite being in beta stages, security of their customers’ funds must be the primary concern of every serious business. If this had been an exchange and great sums of money would have been at risk, it could not be handled in this half-assed way. But the EOS network is not the only party to blame here as DEOS Games employees share the responsibility. “A smart contract is only as smart as the people that write them”, said a wise man once. And we believe that is true.
Expect many more of this type of occurrence in the near future as more “decentralized apps” for Ethereum and EOS networks are released to the public.