PlayDapp announced just before 11:00 am UTC on Feb. 13 that it had halted its smart contract to take a screenshot for migration as the hack against the South Korean Web3 game development platform and nonfungible token (NFT) marketplace continued into the new week. The problem was first noticed on Feb. 9.
Blockchain security firm PeckShield noticed an apparent private key leak at PlayDapp after 200 million of its native PLA tokens, worth $31 million at the time, were minted. “It seems that deployer’s address has been compromised and attacker’s address is added as a minter,” fellow blockchain security firm Cyvers Alerts explained in a Feb. 9 X post.
On Feb. 10, PlayDapp posted a message on X addressed to the hacker, offering a reward for the return of the stolen contracts and assets and threatening to contact law enforcement, including the United States Federal Bureau of Investigation, if no response is received. PlayDapp’s customer service was down between Feb. 9 and 12.
According to an Elliptic blog post, the reward offered was $1 million if the contracts and assets were returned by Feb. 13; otherwise, it would put a bounty of the same amount on the hacker. Wallets associated with the hack were being labeled, Elliptic added. After the deadline passed, PlayDapp said on Medium that it was working with blockchain analytics and security firms, centralized exchanges and law enforcement to counteract the damage from the hack.
Related: Hashing It Out: GameFi must improve to drive Web3 adoption
Elliptic also said 1.59 billion more PLA, worth $253.9 million at the time, was minted on Feb. 12. The hackers may have trouble selling the illicitly minted tokens, however, since the total supply of PLA before the hack was only 577 million.
Happy Lunar New Year #web3
Enter the Year of the dragon with joy and unity
Let’s set intentions and unlock potential together!
May the Lunar New Year bring laughter, abundance, and endless possibilities
Wishing you joy and prosperity! $PLA #crypto #gamedev…..