An EOS-based decentralized app (dApp) has been paying out big time . Betting platform DEOSGames was drained of a significant chunk of its operating funds in a heist that netted one ‘lucky’ punter almost $24,000.
Over less than an hour, a decentralized dice betting game paid its jackpot 24 times to just one individual. Despite depositing just 339 EOS ($1,695), after the lucky streak was over, EOS account “runningsnail” somehow managed to walk away with more than 4,728 EOS (approx. $23,640).
The lucky account was created less than a day before funds were first sent for betting. Tracking relevant transactions via an EOS blockchain explorer, we can see the 197 EOS jackpot, each the equivalent of almost $1,000, being paid to runningsnail repeatedly.
The wins were seemingly automatic. Each and every time runningsnail deposited 10 EOS, the jackpot was paid within an average of 30 seconds.
So far, runningsnail has kept most of his winnings – but we can see that he has started experimenting with some other EOS betting dApps, perhaps looking for another soft target.
DEOSGames has confirmed the exploit on its social channels. “Yesterday, we got a malicious contract exploit our contract, ” a statement read. “It is a good stress test and we got significant improvements on contract level.”
It remains unclear of the vulnerability is unique to DEOSGames, or if it extends to all similar EOS smart contracts. We’ve asked the company for a clarification.
While $24,000 might seem like small change compared to other world-shaking cryptocurrency heists , the prevalence of these small-time hacks is growing. Betting dApps running on EOS, in particular, are being picked apart frequently.
Just a few weeks ago, a vulnerability was similarly exploited in EOSBet.io. In the fallout, its betting dApp was forced offline, and the bug eventually led researchers to find another critical flaw in the EOS blockchain.
The discovery of vulnerabilities in EOS code is a lucrative business in itself. Researchers digging into EOS’ code have collected over $417,000 in bug bounties ; for context, the sum represents two-thirds of all cryptocurrency bug bountines on HackerOne this year.
( Edit: This post has been updated to correctly name the betting platform DEOSGames, as opposed to DEOSBet, as was originally reported.)
Japan tightens grip on cryptocurrency margin trading
Japan, the home of the now-defunct cryptocurrency exchange Mt. Gox , is establishing stricter rules for cryptocurrency margin trading to prevent investors from getting scammed.
Margin traders typically use borrowed funds from a broker to trade a financial asset, which in turn, forms the collateral for the loan supplied by the broker.
According to a report from Nikkei Asian Review, the new rules will come into place in April 2020, after the Japanese Cabinet approved draft amendments relating to payment services and financial instrument laws last Friday.
As a result, all cryptocurrency exchanges offering margin trading in the country will need to get new government registration within 18 months of the new rules coming into effect.
Essentially, the new rules will mean cryptocurrency exchange operators will be scrutinized in the same way as securities traders.
Cryptocurrency exchanges will be divided into categories in a bid to distinguish between those which engage in margin trading, and those which issue tokes or launch initial coin offerings.
The new scheme will add an additional layer to existing licensing requirements in Japan, wherein cryptocurrency exchanges are obliged to get a license as per the payment services law which came into effect in April 2017.
Today’s news comes after Japan’s Financial Services Agency (FSA) granted the cryptocurrency industry self-regulatory status in October last year, enabling the Japan Virtual Currency Exchange Association to police and sanction industry exchanges.
Japan’s seemingly progressive stance on virtual currency has meant it’s often been credited with being a “ cryptocurrency haven ” and these new measures will hopefully spell safer trading for investors across the country, especially those burnt by the notorious collapse of Mt.Gox.
Want to find out more about cryptocurrencies and blockchain technology? Check out our Hard Fork track at TNW 2019 !
Can blockchain co-exist with GDPR? It’s complicated
Our blockchain and cryptocurrency event, Hard Fork Decentralized , is just a couple of weeks away now. We’ll be discussing some of the industry’s greatest challenges, including how blockchains can stay GDPR compliant.
Earlier this month at the annual Ethereum conference, Vitalik Buterin spoke to Quartz about how he thinks that IBM’s commercial blockchain offerings are “totally not the point…” Blockchain should be open, transparent, and of the people .
As soon as the technology is put behind closed doors, is it really a blockchain anymore ? Like Buterin, some will bemoan the fact that private blockchains are not really blockchains, but does that even matter? In a world of data security and GDPR, maybe permissioned blockchains are the only way to be compliant ?
Of course, there is something inherently wrong about blockchains controlled by a centralized entity. For decentralization purists, you need more than just the technology to be decentralized to fully leverage the benefits of the system. Putting a blockchain inside the metaphorical walls of a corporation seems counter-intuitive.
That said, private blockchains might have a use. In some cases traditional, public blockchains could be ruined if they were to expose information that made them contravene General Data Protection Regulations (GDPR). Of course, it would be incredibly difficult, if not impossible, to sanction a blockchain that contravenes these regulations. How can a government fine a decentralized entity with no known owner, or firm, to front the bill?
The EU recently went so far as to say that private, permissioned blockchains would be the only way the decentralized technology can safely remain compliant with GDPR . Permissioned blockchains might be the only options for corporations who want to get in on the technology. But even then, it’s not as simple as just making a locked-down blockchain, there are a lot of hurdles to overcome if businesses want to ensure compliance with the law.
At Hard Fork Decentralized we’ll be looking at how companies that implement blockchain technologies can remain compliant with GDPR, while still maximizing the benefits. Join discussions hosted by Persona and eMusic about this topic!
If you’re not that interested in private blockchains or regulation, our event will feature a ton of other talks, sessions, and workshops! Check out our full list of events , hosted by the leading industry companies, to sign up for your favourite discussions. Be quick – spots are filling up fast! See you in London on December 12-14?