RedKeysGame Random Number Exploit
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
The RedKeysGame is an online casino game project who also have their own token. They have been promoting their game on Twitter using clever AI-generated art advertisements. A classic random number vulnerability was used to exploit their smart contracts, which is likely based on the fact that random numbers aren't really random, and tend to be predictable in a smart contract. It is unclear if any of these funds belong to users. The project appears upset but continuing to run ad promote their project post-exploit.[1][2][3][4][5][6][7][8]
About RedKeys
"Welcome to Rekeys, where tokens become opportunities to multiply your earnings! Are you ready to embark on an exciting journey into the world of token flipping? Look no further – you're in the right place.
At Rekeys, we offer you a thrilling chance to play our flip game with tokens. It's simple yet exhilarating: just bet your tokens, flip them, and watch your potential earnings soar! With the possibility of winning up to x1000 of your initial wager, every flip brings with it the promise of excitement and reward. Whether you're a seasoned player or new to the game, Rekeys provides an engaging platform for everyone to participate.
Join our community of thrill-seekers and fortune-hunters today, and let the flipping begin! Ready to turn tokens into triumphs? Let's flip!"
"Hi my name is RedKeys I'm a corrupt gambler who doesn't get along with anyone, but I have a lot of friends. Sometimes I get angry, but at my core I'm a good key"
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| May 26th, 2024 11:23:59 PM MDT | Attack Transactions | The time of the attack transaction, based on a screenshot from BlockSec. |
| May 27th, 2024 12:03:00 AM MDT | BlockSec Tweet | BlockSec posts a tweet about the exploit, calling it a "classic random number issue". |
| May 27th, 2024 12:14:00 AM MDT | SlowMist Tweet | SlowMist tweets about the hacking event as "suspicious activity". |
| May 30th, 2024 3:31:00 AM MDT | RedKeys Upset Tweet | RedKeys refers to "some incidents that will upset us" but that they "are moving step by step towards our goal". |
| May 30th, 2024 4:36:00 AM MDT | RedKeys Responds | The RedKeys team responds to SlowMist to confirm that they were indeed hacked. |
Technical Details
"a series of suspicious transactions targeting an unknown #Redkeys game by exploiting a classic random number issue."
Total Amount Lost
Slowmist reports $10k.
The total amount lost has been estimated at $10,000 USD.
Immediate Reactions
"Our system has detected a series of suspicious transactions targeting an unknown #Redkeys game by exploiting a classic random number issue."
"According to the SlowMist security team, RedKeysGame on BNBChain was attacked, resulting in a loss of approximately $10,000."
"We detected potential suspicious activity related to a contract called "RedKeysGame" on the BSC.(Suspected to belong to @Redkeyscoin)"
Ultimate Outcome
"unfortunately, a negative incident happened to us and we were hacked, now our new contract is much better, we will reach your goal @SlowMist_Team"
"There have been some incidents that will upset us, but we are moving step by step towards our goal, I'm waiting for everyone to play the redkeys game"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Jun 12, 2024)
- ↑ @SlowMist_Team Twitter (Jun 12, 2024)
- ↑ @Redkeyscoin Twitter (Jun 12, 2024)
- ↑ @Redkeyscoin Twitter (Jun 12, 2024)
- ↑ @Redkeyscoin Twitter (Jun 12, 2024)
- ↑ Red Keys Game - Play to Earn (Jun 12, 2024)
- ↑ @Phalcon_xyz Twitter (Jun 12, 2024)
- ↑ @Phalcon_xyz Twitter (Jun 12, 2024)