# Vulnerability of Decentralized RNGs to Cyber Attacks

<figure><img src="/files/59riEjGQyItJkDLFW067" alt=""><figcaption></figcaption></figure>

Decentralized Random Number Generators, pivotal in blockchain ecosystems, are not impervious to security breaches. These vulnerabilities pose significant threats, especially in systems handling high-value transactions or assets. The inherent risks associated with RNGs in decentralized systems can lead to substantial financial and reputational damages.

The article ["Defeating EOS Gambling Games: The Tech Behind Random Number Loophole"](https://peckshield.medium.com/defeating-eos-gambling-games-the-tech-behind-random-number-loophole-cf701c616dc0) by PeckShield delves into the security vulnerabilities exploited by hackers in various EOS gambling games, which compromised the overall security of the EOS ecosystem. The hackers targeted eight games, successfully manipulating random number generation to win large sums, totaling 170,503.5 EOS tokens.

PeckShield's investigation revealed that these were coordinated attacks exploiting a random number loophole, with increasing frequency and success. One specific case study focused on the game EOS.WIN, where a hacker executed a series of attacks, ultimately circumventing the game's random number generation mechanism, which used a deferred transaction model.

The crux of the vulnerability lay in the game's reliance on predictable elements such as the transaction hash (txid), block height, and block prefix, which the attackers manipulated. By deploying multiple contract accounts to make simultaneous bets, the attackers controlled the sequential order of bets and exploited the game's transaction handling to maintain favorable bet IDs, ensuring that the conditions for winning were met.

PeckShield concluded by advising developers against using player-controllable variables for random number generation and recommended separating the game's resolution and notification actions to enhance security. This case study highlights the critical need for robust random number generation mechanisms in blockchain-based applications to prevent manipulation and ensure fairness.
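The weakness described above, next to one way of keeping player-visible values from deciding the outcome, as an added example (not code from PeckShield, EOS.WIN or this white paper). `weak_roll` is a constructed stand-in for a seed built from txid, block height and block prefix, and the commit-reveal functions are an assumed mitigation that the page does not itself prescribe; all names and sample values are hypothetical.

```python
import hashlib
import hmac


def _to_roll(digest: bytes) -> int:
    # Map the first 8 bytes to 1..100 (modulo bias is negligible at 64 bits).
    return int.from_bytes(digest[:8], "big") % 100 + 1


def weak_roll(txid: str, block_height: int, block_prefix: int, bet_id: int) -> int:
    """Outcome derived only from values every observer can see or influence.
    Constructed stand-in, not the formula of any real game."""
    material = f"{txid}:{block_height}:{block_prefix}:{bet_id}".encode()
    return _to_roll(hashlib.sha256(material).digest())


def commit(server_seed: bytes) -> str:
    """Commitment published before bets open; binds the operator to one seed."""
    return hashlib.sha256(server_seed).hexdigest()


def hardened_roll(server_seed: bytes, txid: str, bet_id: int) -> int:
    """Outcome keyed by a secret that stays hidden until the round is settled,
    so public inputs alone no longer determine the result."""
    msg = f"{txid}:{bet_id}".encode()
    return _to_roll(hmac.new(server_seed, msg, hashlib.sha256).digest())


def verify_reveal(commitment: str, revealed_seed: bytes,
                  txid: str, bet_id: int, claimed_roll: int) -> bool:
    """After the reveal, anyone can check the seed matches the earlier
    commitment and that the claimed roll follows from it."""
    if not hmac.compare_digest(commit(revealed_seed), commitment):
        return False
    return hardened_roll(revealed_seed, txid, bet_id) == claimed_roll


if __name__ == "__main__":
    public = ("constructed-txid-01", 1000, 12345, 7)   # constructed sample values
    # Any observer recomputes the same number the contract will produce.
    print("weak roll, recomputed by an observer:", weak_roll(*public))

    seed = bytes(range(32))                            # constructed; use a CSPRNG in practice
    c = commit(seed)
    roll = hardened_roll(seed, "constructed-txid-01", 7)
    print("verifies after reveal:", verify_reveal(c, seed, "constructed-txid-01", 7, roll))
```
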

