Highly popular Web3 gaming platform PlayDapp has fallen victim to a major hack, leading to an estimated loss of $31 million worth of assets. 

The hack highlights the importance and urgent need to improve security measures in the blockchain and crypto ecosystems. 

PlayDapp Deployer Address Compromised 

The attack was first reported by blockchain security platform Cyvers Alerts shortly before an official confirmation about the hack from PlayDapp themselves. Cyvers broke the news about the hack in a post on X, stating that their systems had detected suspicious transactions with PlayDapp. They noted that PlayDapp’s deployer address had been compromised by a malicious entity that had added itself as the authorized minter on the Web3 platform. 

“ALERT! Our system has detected suspicious transactions with @playdapp_io.

It seems that the deployer’s address has been compromised, and the attacker’s address is added as a minter at https://etherscan.io/tx/0xe834f28377b79759ac5495a91975a01e0876af9aae312228c1ac525846406170 The attacker has minted 200M $PLA tokens, $31M, with initial funding from @FixedFloat. These $PLA tokens have been distributed to various addresses, and as of now, no swaps have been executed.”

By leveraging this access, the attacker was able to mint 200 million PLA tokens, valued at an estimated $31 million. The stolen assets were quickly distributed across various addresses, with a significant chunk of the assets valued at $5.9 million being moved to the Gate.io exchange. 

PlayDapp Confirms Hack

A few hours after the Cyver Alerts post, PlayDapp confirmed the hack in a statement and assured users that steps were being taken to contain the situation. PlayDapp stated, 

“We are writing to inform you of a critical security incident involving the PLA token contract. The PLA token contract has been hacked, and additional PLA tokens have been issued. We understand the gravity of this situation and assure you that we are taking immediate action. We have directly notified all partner exchanges and are collaborating with them to suspend trading and address the unauthorized tokens. We are working to resolve the issue. We will do our best to minimize the impact on PLA holders.”

The company has also alerted partner exchanges and urged them to take steps to prevent the circulation of the stolen assets. It also revealed that it was transferring all PLA tokens held by PlayDapp to a new wallet to shield its assets from any further risks. 

“PlayDapp is taking immediate action to safeguard PLA assets. This involves the mandatory transfer of ALL PlayDapp-held PLA to a new, secure wallet. This includes both locked and unlocked holdings.”

Contact With Hacker 

PlayDapp also sent an on-chain message to the hacker, offering a sizable reward for the quick return of the stolen assets. While the exact nature of the reward is unknown, it has become common practice for platforms that have been hacked to offer hackers a small percentage of the stolen assets in return for the remainder. PlayDapp stated that they would contact law enforcement if the hacker rejected their offer. Additionally, it also said it would place a public bounty on the hacker and employ the services of an anonymous blockchain security firm. 

“We have contacted the hacker directly through an on-chain message and made an offer for a reward for the immediate return of all stolen contracts and assets. Failure to accept this offer will prompt us to quickly work with the FBI and law enforcement agencies in the pursuit of the hacker.”

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.