Crypto gaming platform PlayDapp was hacked twice for $290 million

Cryptocurrency gaming platform PlayDapp experienced a series of hacks that resulted in the loss of PLA tokens worth a total of $290 million, estimated based on their market value at the time of the incident.
PlayDapp is a blockchain-based gaming platform and NFT marketplace. PLA is the platform's native token created for conducting transactions. Games on the platform can run on various blockchains such as Ethereum, Avalanche and Solana.
As a result of the re-hack of the gaming platform, which occurred on February 12, the hacker issued 1.59 billion PLA tokens. On February 9, an unauthorized wallet minted 200 million PLA tokens worth $36.5 million. He transferred funds to a number of crypto addresses and began laundering them through various services.
This incident, according to our colleagues at PeckShield, is related to the compromise of the private key:

Link to transaction dated February 9th.

PlayDapp, in turn, sent a message to the hacker via an on-chain transaction, offering a $1 million reward for returning the stolen funds by February 13th. Otherwise, this amount was offered as a reward for assistance in his capture.

Text of PlayDapp's message to the hacker.

Unfortunately, this proposal did not lead to anything, the hacker did not answer anything and the gaming platform announced.
“After confirmation of the hacker attack, PlayDapp promptly took action by urgently requesting deposit and withdrawal suspensions from major centralized exchanges and reporting the incident to investigative authorities”
With only 577 million total PLA tokens in circulation prior to the hack, selling the approximately 1.8 billion newly minted tokens at a price close to their pre-hack market value is an extremely difficult task for a hacker. Even the news about these hacks influenced the exchange rate, not to mention the possible immediate increase in the supply of tokens by 4 times!

Changes in the PLA token rate from February 6 to February 16. Source: Coinmarketcap

Representatives of PlayDapp, as stated, did not sit idly by and took a number of actions, including:
initiated an internal investigation;
monitoring the flow of tokens issued by the hacker;
notification by centralized exchanges and DEX.
The PLA smart contract was stopped due to the decision of the gaming platform team, and the intention to migrate was announced as an additional security measure.
Cryptocurrency addresses associated with the attacker are already marked in tools like our Bholder, showing the interaction between addresses, as well as in AML services for checking cryptocurrency addresses to assess the level of risk and understand the sources of funds like Btrace. This will allow exchanges, other service providers and ordinary users to determine whether they are interacting with funds from a given hack.
Check blockchain address using Btrace
In seconds, determine the risk level of the counterparty’s address, find out the source of his funds and make an informed decision about interacting with him.




We also recommend