PlayDapp Security Breach Escalates: Cumulative Losses Surpass $290 Million Mark
The recent PlayDapp security breach has taken a grim turn, with cumulative losses now exceeding $290 million.
According to a report by blockchain analytics firm Elliptic, the exploit resulted in the theft of millions worth of PLA tokens, the native cryptocurrency powering PlayDapp’s gaming platform and NFT marketplace.
The report, released on Tuesday, revealed that an unauthorized wallet, likely obtained through a compromise of private keys, minted 200 million PLA tokens valued at $36.5 million on February 9.
PlayDapp’s Negotiation Attempt Backfires
Following the incident, PlayDapp attempted to negotiate with the hacker, issuing an on-chain message requesting the return of the stolen funds by February 13, offering a $1 million white hat reward.
However, these efforts proved futile.
“Attempts to negotiate with the hacker were unsuccessful as they showed no willingness to help recover holders’ losses,” PlayDapp wrote in a statement on Tuesday.
Instead, the hacker escalated the situation by minting an additional 1.59 billion PLA tokens, valued at a staggering $253.9 million, on February 12.
They then began laundering the funds through various crypto exchanges.
Elliptic noted that prior to the breaches, the total circulating supply of PLA tokens was 577 million, making it challenging for the exploiter to sell the newly minted 1.8 billion tokens at anywhere close to their previous market value.
On February 13, PlayDapp announced on the social media platform X that they had paused the PLA smart contract.
The PLA smart contract has been paused.
We kindly request the halt of transactions to conduct a snapshot for migration.
Please understand that we are doing everything to protect holders' assets, and we will continue to keep the community updated.— PlayDapp (@playdapp_io) February 13, 2024
They requested the temporary halt of transactions in order to conduct a snapshot for migration, emphasizing their commitment to protecting holders’ assets and pledging to keep the community informed.
PlayDapp also said it is actively collaborating with crypto exchanges, blockchain forensic firms, and law enforcement agencies to address the breach.
Furthermore, the project said they are diligently tracking the minted and swapped tokens while exploring migration solutions, such as the possibility of an airdrop.
As of February 13, the PLA token was trading at $0.15, experiencing a 2.9% decrease over the past 24 hours.
Coinbase Pauses PLA Trading
On Wednesday, Coinbase suspended PLA token trading after the project paused its smart contract.
“We will continue to monitor developments related to PLA from the issuer and update our customers as more information becomes available,” Coinbase said on X.
As reported, bad actors have stolen $38.9 million from various Web3 projects in the first month of 2024.
One of the first major crypto hacks of the year occurred when Radiant Capital experienced a $4.5 million loss due to an empty market exploit.
Gamma Strategies, another affected platform, fell victim to a flash loan attack on January 4, shortly after the Radiant Capital incident.
The attack exploited a code bug, enabling the hackers to siphon $6.1 million from Gamma’s public-facing vaults.
On January 16, Socket, a multichain protocol, suffered a security breach due to a vulnerability in user verification input, allowing hackers to steal nearly 2,000 ETH, valued at over $4 million.
However, Socket managed to recover 1,032 ETH (equivalent to approximately $2.3 million) and reimbursed all affected users as part of its strategy to restore user funds.