EIDOS mining attack analysis: BigGame's CPU payment function, there are defects that can make the CPU can be maliciously controlled.

Between 19:04-23:29 last night, PeckShield security shield wind control platform DAppShield monitored hackers to launch a continuous attack on the EOS quiz game BigGame, using its new CPU payment function to conduct malicious mining, resulting in its CPU resources. Exhausted, a total of 1,993 EIDOS tokens were obtained. PeckShield security personnel analysis found that BigGame's new CPU payment function, there is a defect that the hijacking transfer notification initiates the inline operation, so that its CPU can be maliciously controlled. With the continued enthusiasm of EIDOS, many digital wallets or DApps have developed a one-click mining function to help users automatically implement transfer operations through intelligent programs, but once there is a potential security risk, the auxiliary tool will become an attacker. The accomplice has caused the ordinary user experience to be hurt. PeckShield reminds developers that if you have already paid for the CPU payment function, you should check the potential security risks to avoid damage to the general user experience caused by malicious attacks. If necessary, you can seek assistance from a third-party security company to help them complete new functions. Pre-online attack testing and basic security defense deployment.