A Day of Hacks: 7,710 TRX Stolen from a TRON Dice Game in a Transaction Rollback Attack
DAppShield, the risk control platform of the Chinese security firm PeckShield, observed that between 6:00 pm and 8:00 pm on May 7 (UTC), a dice game on TRON was hit by a transaction rollback attack, with a total of 7710 TRX stolen.
Previously, PeckShield security personnel discovered that this hacker had launched transaction rollback attacks against multiple DApp contract addresses, using the same attack method until the contract balance was reset to zero.
In programming, a rollback or reversal is the operation of restoring a database to a previous state by canceling a specific transaction or set of transactions. Reversals are performed automatically by the database systems or manually by the users.
This type of attack on blockchain platforms used to deploy DApps is not new. On December 19, 2018, Bitpie, a cryptocurrency and cryptographic wallet custody service, announced on its official blog that rollback attacks had hit, one after another, platforms such as Betdice, EOS MAX and TOBET, among others.
Due to these attacks, Betdice lost approximately 200 thousand EOS ($500 thousand) and EOS MAX lost close to 50 thousand EOS ($125k), because the hacker exploited a vulnerability in the EOS node, not flaws in the DApps' contracts.
In general, the only way a blockchain should allow the reversal of contract transactions that happened days ago is through a hard fork.
This would mean that any owner of the coins could vote to revert the state to a given block number and would then have to attract enough miners to run this network.
Earlier this year, the same Chinese firm, PeckShield, detected on the EOS blockchain that the game EOS.Win had suffered a similar attack, in this case a transaction congestion attack, which was corrected in a timely manner by Block.one in collaboration with the Chinese security company.
In this case, the attacker generates a series of deferred junk transactions, which take precedence over user transactions, causing a timeout that uses up all CPU time and ultimately paralyzes the EOS network.
In general, a rollback can be used to discard all data modifications made since the beginning of the transaction or since a savepoint. It also releases resources held by the transaction. It is very commonly used in a “soft fork” to correct unwanted or unplanned changes that occurred within the blockchain.
TRON's exception-handling documentation for developers lists the assert-style and require-style exception cases in the Tron Virtual Machine (TVM) that trigger a rollback, in order to preserve the atomicity of the transaction.
For now, on a day of bad news for the ecosystem, with hacks reported at Binance and now on TRON, the market is beginning to react negatively, with the main altcoins and Bitcoin falling.
The real scope of these attacks on the crypto market will only become clear over the coming hours.