The Pokémon-like battler game Aurory encountered a significant exploit, allowing an attacker to withdraw around 600,000 AURY tokens valued at approximately $830,000. The exploit targeted the game’s off-chain marketplace through a race condition attack, enabling the attacker to send multiple simultaneous buy purchase requests, resulting in the seller receiving double the amount while the buyer was debited only once. The Aurory team swiftly responded by disabling its SyncSpace blockchain bridge connecting to Solana and the Ethereum scaling network Arbitrum.
To address the issue, developers are working on a global patch for the backend services. Aurory’s Executive Producer, Jonathan Campeau, clarified that the exploit specifically targeted the off-chain marketplace, emphasizing a race condition that allowed the unauthorized withdrawal of funds. Despite the severity of the incident, the Aurory team assured users that no funds or NFTs belonging to players were stolen or currently at risk. The exploit involved transferring funds from an Aurory developer team wallet to Arbitrum. Campeau noted the increased attention on Aurory following the release of Seekers, an expansion for the game, attracting both positive and malicious actors attempting to exploit vulnerabilities.
In response to the security breach, Aurory developers are actively working to release a comprehensive global patch for backend services, aiming to address the vulnerabilities exploited in the attack. The incident underscores the challenges faced by online gaming platforms in safeguarding against sophisticated attacks, highlighting the need for robust security measures to protect user assets and maintain the integrity of in-game economies. As the gaming industry faces growing threats, developers must remain vigilant in implementing proactive security measures to ensure a secure and enjoyable gaming experience for users.