EOS DApp EOSPlay encounters a new random number attack

According to SlowMist Zone intelligence, the DICE game in the EOS DApp EOSPlay suffered a new random number attack last night, losing tens of thousands of EOS. The project team has suspended the game. Analysis by the SlowMist security team found that the attacker (account: muma******mm) may have carried out the attack as follows:

1. The attacker rents a large amount of CPU for their own account and for the project team's account.
2. The attacker sends a large number of deferred transactions.
3. As a result of these two steps, the CPU price is pushed up, leaving other users with insufficient CPU.
4. Because other users lack CPU, they have difficulty sending transactions, and the attacker can fill the block with their own transactions.
5. Because the attacker constructed the transaction content in advance, they can successfully predict the block hash.

Because the project team draws prizes using a future block id, whoever controls the transaction content of a block controls the block information and, through it, the block id, which makes the lottery result predictable.
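
A detection check for the condition described in steps 2 to 4, written as an added example that is not code from EOSPlay or SlowMist: it flags bets whose settling block is dominated by a single sender's transactions. The block and bet records, account names and the 0.9 threshold are constructed assumptions, not real chain data.

```python
from collections import Counter

# Constructed sample data (not real chain data): block number -> list of
# (sender account, is_deferred) for every transaction in that block.
BLOCKS = {
    1001: [("alice", False), ("bob", False), ("carol", False), ("dave", True)],
    1002: [("mallory", True)] * 18 + [("mallory", False), ("bob", False)],
    1003: [("mallory", True)] * 19 + [("alice", False)],
}
# Constructed bets: (bettor account, block number whose id settles the bet).
BETS = [("alice", 1001), ("mallory", 1002), ("bob", 1003)]


def dominant_sender(txs):
    """Return (account, its share of the block, share of its txs that are deferred)."""
    counts = Counter(sender for sender, _ in txs)
    account, n = counts.most_common(1)[0]
    deferred = sum(1 for sender, is_def in txs if sender == account and is_def)
    return account, n / len(txs), deferred / n


def suspicious_draws(blocks, bets, min_share=0.9):
    """Flag bets settled by a block that one account's transactions dominate."""
    flagged = []
    for bettor, block_num in bets:
        txs = blocks.get(block_num)
        if not txs:
            continue  # empty or unknown block: nothing to measure
        account, share, deferred_share = dominant_sender(txs)
        if share >= min_share:
            flagged.append({
                "block": block_num,
                "bettor": bettor,
                "dominant": account,
                "share": round(share, 2),
                "deferred_share": round(deferred_share, 2),
                # True when the account filling the block also placed the bet
                "bettor_is_dominant": account == bettor,
            })
    return flagged


if __name__ == "__main__":
    for row in suspicious_draws(BLOCKS, BETS):
        print(row)
```

A flagged draw where `bettor_is_dominant` is false still deserves review, since the bet and the block-filling transactions can come from different accounts.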