Inside Q1 2024s Largest Hack: Playdapp’s $290 Devastating Million Exploit
The post Inside Q1 2024s Largest Hack: Playdapp’s $290 Devastating Million Exploit appeared first on Coinpedia Fintech News
PlayDapp, one of the most well-known blockchain gaming and NFT platforms based in South Korea and running on the Ethereum blockchain, encountered a cunning hacker attack that eventually resulted in a loss of assets amounting to a colossal $290 million.
The incident that took place between February 9th and 12th, 2024 stirred up the crypto community concerning the protection of digital assets and the safe functioning of decentralized platforms.
Join us as we uncover the intricate details of the largest hack of the year 2024 so far.
It started way before 9th February!
The hacking controversy started on January 16, 2024, when the PlayDapp team received an email that looked like it was from a legitimate partner exchange provider.
the email became a well-designed phishing trick which resulted in downloading dangerous software onto one of the team’s PCs. Eventually, the thief got the administrator’s private key, which is a serious violation of the whole security system.
On February 9, 2024, intruders took advantage of the owned private key to acquire unauthorized access to PlayDapp’s smart contract. They had changed them and minted 200 million PLA tokens into their accounts.
Regardless of the speedy actions taken by the PlayDapp team in trying to inform major CEXs, the hackers succeeded in creating yet another 1.59 billion of PLA on the 12th of February.
Root Cause Revealed the Theft of Private Keys
In the root-cause analysis done by the cybersecurity company CYBERONE, it was determined that initial access was granted to the adversary using a domain-spoofed email, which in turn led to the installation of a remote access tool on a team member’s personal computer.
The hackers gained access to the administrator’s private key and opened the doors for the attacks.
Flow of Stolen Assets
Although the hackers were able to mint large amounts of PLA tokens, their sales of the assets in return for cash were mostly unsuccessful. The original amount of PLA tokens in circulation amounted to $577 and the hackers were only able to convert $32 out of the stolen amount. The remaining tokens were released through different transactions making the recovery process more complicated.
Response by the Playdapp Team
To react to the hack, PlayDapp put out a huge bounty of $ 1 million for the safe return of stolen assets and closed the trading on the PLA token. The offer went in vain as the hacker did not respond positively which made the team extend the bounty to the public.
The project had already effected a move to a new smart contract that comes with more advanced security features, such as multi-signature functionality and improved permission administration.
Following these events, the PlayDapp team has undertaken steps to distribute private keys in a decentralized manner, to improve email account security, as well as to install comprehensive antimalware software. The initiative’s goal is to provide the continuity and stability of services not to mention the enhancement of security measures to curb future abuses.
As of writing, the majority of funds are still with the hacker and the remaining are frozen through exchanges.
PlayDapp hacking instance represents a palpable demonstration of the long-term risks involved with decentralized platforms and stresses the saliency of carefully designed and rapid security apps in protecting digital assets and user account deposits.
