Hackers orchestrated a significant breach within the PlayDapp ecosystem, leveraging a stolen private key to mint and abscond with over $290 million worth of PLA tokens. PlayDapp, a blockchain-based platform facilitating non-fungible token (NFT) transactions within games, discovered the unauthorized minting of 200 million PLA tokens, valued at $36.5 million, prompting immediate action. Despite efforts to engage the hacker with a $1 million “white hat” reward and threats of legal action, the attackers continued their exploit, minting an additional 1.59 billion PLA tokens, exacerbating the total loss to $290.4 million.
In response to the breach, PlayDapp swiftly initiated security measures, transferring all held tokens to a new, secure wallet and suspending PLA trading on decentralized exchanges. Additionally, major exchanges froze the hacker’s wallets to mitigate further dispersion of stolen assets. However, despite coordinated efforts, cryptocurrency experts report that the stolen funds are already being laundered, posing challenges to recovery and impacting legitimate token holders.
The severity of the breach prompts PlayDapp to suspend deposits and withdrawals, urging users to refrain from transactions until migrating to a secure system. Furthermore, users are cautioned to remain vigilant against phishing and scams amid the heightened security concerns. While the attack shares similarities with previous Lazarus Group breaches, the perpetrators remain unidentified, raising concerns about the potential for future exploits and the broader impact on cryptocurrency markets.
Reference:
- New 200m $PLA tokens were just freshly minted
- We are writing to inform you of a critical security incident involving the PLA token contract
