According to SlowMist, a Chinese blockchain security firm, DICE, a game of EOS DApp EOSPlay, suffered the random number attack on Sept 13, losing tens of thousands of EOS. The game has been suspended for now.
According to the security team, the attacker may use the following ways to conduct attacks: 1. The attacker rented a large number of CPUs; 2. The attacker initiated many deferred transactions; 3. Due to the above two reasons, the price of CPU is pushed up, resulting in insufficient CPU for other users; 4. Because of insufficient CPU, it is difficult for other users to send transactions, so attackers can use their own transactions to occupy the block; 5. According to the transaction content constructed in advance, the attacker can successfully predict the block hash.