PlayDapp, the South Korean Web3 game development platform and nonfungible token (NFT) marketplace, has temporarily halted its smart contract operations as it grapples with the aftermath of a significant security breach. The company made this decision just before 11:00 am UTC on February 13, as efforts to mitigate the hack’s impact continued into the new week.
PlayDapp security breach and response
The trouble first arose on February 9 when a noticeable problem was detected within PlayDapp’s system. Blockchain security firm PeckShield highlighted a potential private key leak after an astonishing 200 million of PlayDapp’s native PLA tokens, valued at $31 million, were minted without authorization. Further analysis by fellow blockchain security firm Cyvers Alerts revealed that the deployer’s address had been compromised, with the attacker’s address subsequently added as a minter.
In response to the breach, PlayDapp contacted the hacker via a post on X and offered a reward for returning the stolen contracts and assets. The company also issued a stern warning, indicating the potential involvement of law enforcement agencies, including the United States Federal Bureau of Investigation (FBI), if the situation remained unresolved. PlayDapp’s customer service remained unavailable between February 9 and 12 despite these efforts.
As the situation unfolded, PlayDapp escalated its response, as outlined in a statement on Medium. A reward of $1 million was offered for the safe return of the stolen contracts and assets by February 13. Failure to comply would result in the same bounty on the hacker. Additionally, PlayDapp collaborated with blockchain analytics and security firms, centralized exchanges, and law enforcement agencies to address the fallout from the breach.
Meanwhile, blockchain analysis firm Elliptic reported a concerning development on February 12, revealing that an additional 1.59 billion PLA tokens, worth $253.9 million, were illicitly minted. Despite the substantial quantity of tokens generated, the hackers may encounter challenges in selling them, given that the total supply of PLA before the breach stood at only 577 million.
Market impact and recovery efforts
The value of PLA experienced a significant decline following news of the breach, dropping from $0.1823 with $2.83 million in 24-hour trading volume at the beginning of February 9 to $0.1482 with $60.17 million in volume at the time of reporting. Despite this decline, there has been a marginal uptick from a low of $0.1420 earlier in the day.
PlayDapp’s decision to halt its smart contract operations underscores the severity of the security breach and the company’s commitment to addressing the situation promptly. However, the full extent of the damage and the effectiveness of mitigation efforts remain to be seen as investigations continue.
PlayDapp’s response to the security breach, including the suspension of smart contract operations and collaboration with various stakeholders, reflects a concerted effort to mitigate the hack’s impact and safeguard the interests of its users and investors. As the situation unfolds, stakeholders will closely monitor developments to achieve a swift resolution and restore confidence in the platform’s security measures.