Hackers have reportedly exploited a stolen private key to mint and abscond with over 1.79 billion PLA tokens, a cryptocurrency integral to the PlayDapp ecosystem.
PlayDapp operates as a blockchain-based platform facilitating non-fungible token (NFT) trading within gaming environments, enabling users to buy, sell, and trade digital assets across multiple games without intermediaries.
On February 9, 2024, an unauthorized wallet minted 200 million PLA tokens valued at $36.5 million. PeckShield, a blockchain security firm, indicated the potential use of a leaked private key by the attacker.
Following the breach, PlayDapp promptly notified its community, confirming the hack and implementing immediate countermeasures. All PlayDapp-held tokens, both locked and unlocked, were transferred to a new, secure wallet to safeguard assets.
In an attempt to retrieve the stolen assets, PlayDapp offered a $1 million “white hat” reward to the hacker for returning the contracts and assets by February 13, 2024, threatening legal action if refused. However, the offer was rebuffed as the hackers minted an additional 1.59 billion PLA tokens, totaling $290.4 million.
Elliptic, a cryptocurrency intelligence firm, highlighted that the minted tokens exceed the total supply before the breach, suggesting potential market manipulation. This influx of tokens has already impacted legitimate PLA token holders, with the price plummeting from $0.18 to $0.14 per token.
Consequently, PlayDapp requested the suspension of PLA trading on decentralized exchanges and withdrawal from liquidity pools. Presently, the platform has suspended deposits and withdrawals, freezing the hacker’s wallets on major exchanges while working on system migration using the current snapshot.
Users are urged to exercise caution against phishing and scams amid the breach fallout.
Elliptic warned that despite concerted efforts to impede token dispersion, the stolen funds are already in motion, potentially laundered across multiple accounts. The attack’s scale resembles previous breaches associated with the “Lazarus Group,” a North Korean hacking collective notorious for targeting crypto-gaming platforms and orchestrating significant cashouts.
