According to CryptoPotato, South Korean blockchain-based game development platform and non-fungible token (NFT) marketplace PlayDapp has lost over $290 million in crypto from an exploit lasting four days. The smart contract of PlayDapp’s native token, PLA, has been paused, and preparations are ongoing to conduct a snapshot for migration.
The exploit began on February 9 when an unauthorized wallet minted 200 million PLA tokens worth $36 million at the time. Blockchain security firm PeckShield revealed that the wallet was recently added after the token’s smart contract’s private keys were compromised and the protocol hacked. In response, PlayDapp offered the hacker a white hat bounty of $1 million in exchange for the funds to be returned by February 13, threatening to involve law enforcement agencies in multiple jurisdictions in a criminal investigation if the hacker failed to accept the offer.
However, the attacker minted another 1.59 billion PLA tokens worth $249.6 million at the asset’s price during the exploit. The hacker began to launder the stolen funds, swapping and dispersing the assets to different blockchains. PlayDapp asked centralized exchanges to suspend deposit and withdrawal transactions for PLA, hindering the hacker’s attempts to move the tokens further. The hacker’s wallets have been frozen as well.
PlayDapp is currently investigating the hacker’s intrusion methods, tracking the minted and swapped tokens, and engaging in talks with exchanges for migration solutions like airdrops. Blockchain intelligence and security firms and law enforcement agencies are involved in resolving the issue, prioritizing the protection of PLA holders’ assets. The PlayDapp team has requested PLA token holders to halt transactions and decentralized exchanges to temporarily pause all liquidity pool activities regarding PLA tokens as precautionary measures. Meanwhile, PLA has lost more than 18% of its value, significantly plunging from $0.182 before the first attack to $0.148 at the time of writing.