Edgeless Casino lost $5600000 due to Parity hack

Luckily, project saved enough funds earlier to launch the platform in Q3
20 July 2017   6442

Is an open-source blockchain-based distributed computing platform featuring smart contract functionality, which facilitates online contractual agreements

Edgeless project, the Ethereum smart contract-based Casino, shared official announcement regarding Parity hack.

According to it, project lost  26 793 ETH ( 5.6 mill $ ) due to hackers attack. 


Distributed database that is used to maintain a continuously growing list of records, called blocks

But team had  diversified their funds right after an ICO and they have amount to run the project. Additionally, they got funds when ETH was 15$ — 50$ per unit and now ETH price is way much higher which covers our hacked loss. It means that platform launch will happen in Q3. However, team was forced to make some changes in dapp structure. From now it will be purely ran on EDG tokens, since a large part of team's ETH was supposed to be our casino’s bankroll.

That means, if players want to gamble on Edgeless casino, they will need to get EDG tokens.

Also, Edgeless, Æternirty and Swarn City formed a group to address this question. It will be announced in a near future.

Also, Aeternity had also shared information about the hack. Learn more about the Parity hack in our article

Coinbase Bug to Provide Unlimited Ethereum

The bug was found by VI Company in December last year
21 March 2018   95

VI Company reported the discovery of a vulnerability in the system of smart contracts of the Coinbase exchange, which allowed users to credit an unlimited amount of ETH to their accounts. Experts informed the company about the vulnerability in December last year, and in January it was eliminated. For their work, VI Company employees received an award of $ 10,000. This is reported by The Next Web.

By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account. If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want. When you look up the Coinbase wallet address after this transaction you will see that it is empty, but checking your Coinbase wallet will show your funds.

VI Company Report

In practice, this means that Coinbase users were able to enroll any amount of Ethereum on their accounts.

Researchers provided screenshots showing how Ethereum was credited to their account using the cancellation of the transaction.

Coinbase Bug
Coinbase Bug

Steps to reproduce, provided by the researchers :

  • Setup a smart contract with a few valid Coinbase wallets and 1 final faulty wallet (always throw exception when receiving funds smart contract for example)
  • Transfer appropriate funds to smart contract.
  • Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
  • Repeat until you have more than enough ethereum in your Coinbase wallet.
  • Cash out, transfer to off site wallet.

Whether any of the users could detect and take advantage of this vulnerability for their own enrichment is unknown.