On February 13, just before 11:00 AM UTC, PlayDapp made a public announcement stating the suspension of its smart contract operations in response to ongoing hacking attacks targeting South Korea's Web3 game development platform and non-fungible token (NFT) market. The decision to halt operations was prompted by security concerns arising from the attacks, which were first detected on February 9. PlayDapp indicated its intention to migrate its operations with a screenshot provided for reference.
The breach was initially detected by blockchain security firm PeckShield, which observed a suspected private key leak from PlayDapp following the minting of 200 million native PLA tokens, valued at $31 million at the time. According to Cyvers Alerts, the compromised deployer's address led to the addition of the attacker's address as a minter, exacerbating the security threat.
In an attempt to mitigate the impact of the breach, PlayDapp issued a public message to the hackers via X, offering a substantial reward for the return of stolen contracts and assets. The message also served as a warning, indicating the intention to involve law enforcement agencies, including the FBI, if no response was received. However, disruptions to PlayDapp's customer service persisted from February 9 to 12, further highlighting the severity of the security incident.
Elliptic, a blockchain analysis firm, provided additional insights into the situation, disclosing that wallets associated with the hack had been flagged. Moreover, Elliptic revealed that an additional 1.59 billion PLA tokens were illicitly minted on February 12, valued at approximately $253.9 million. Despite the substantial volume of illegally minted tokens, Elliptic suggested that the hackers might encounter challenges in offloading them, given that the total supply of PLA tokens prior to the breach stood at only 577 million.
In response to the security breach, PlayDapp published a statement on Medium, outlining its collaborative efforts with blockchain analytics and security firms, centralized exchanges, and law enforcement authorities to mitigate the fallout from the hack. The company remains committed to addressing the security vulnerabilities and restoring trust in its platform amidst the ongoing investigation into the breach.
