Edgeless Casino lost $5600000 due to Parity hack

Luckily, project saved enough funds earlier to launch the platform in Q3
20 July 2017   8186
Ethereum

Is an open-source blockchain-based distributed computing platform featuring smart contract functionality, which facilitates online contractual agreements

Edgeless project, the Ethereum smart contract-based Casino, shared official announcement regarding Parity hack.

According to it, project lost  26 793 ETH ( 5.6 mill $ ) due to hackers attack. 

Blockchain

Distributed database that is used to maintain a continuously growing list of records, called blocks

But team had  diversified their funds right after an ICO and they have amount to run the project. Additionally, they got funds when ETH was 15$ — 50$ per unit and now ETH price is way much higher which covers our hacked loss. It means that platform launch will happen in Q3. However, team was forced to make some changes in dapp structure. From now it will be purely ran on EDG tokens, since a large part of team's ETH was supposed to be our casino’s bankroll.

That means, if players want to gamble on Edgeless casino, they will need to get EDG tokens.

Also, Edgeless, Æternirty and Swarn City formed a group to address this question. It will be announced in a near future.

Also, Aeternity had also shared information about the hack. Learn more about the Parity hack in our article

Constantinople to be Postponed

Ethereum's hardfork will be late due to critical vulnerability found
16 January 2019   196

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

This is a vulnerability in EIP-1283, which, as identified by the audit company SmartSecurity smart contracts, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with the participation of Ethereum developers and other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard forks.

In particular, Vitaly Buterin, developers Hudson Jameson, Nick Johnson and Evan van Ness, as well as release manager of Parity Afri Shoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the appointed time for hardfork (around 04:00 UTC on January 17).

A vulnerability, called a reentrancy attack, allows an attacker to repeatedly enter the same function and infinitely withdraw funds.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that up to the Constantinople hard fork, data storage on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually needed to call the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, and an attacking contract can use 2,300 gas to successfully manipulate the variables of vulnerable contracts.

New date of hardfork not yet determined.