PlayDapp Suffers $32.35 Million Security Breach
Summary #
On February 9, 2024, PlayDapp, a Play to Earn (P2E) game based on Ethereum, experienced a security breach due to compromised private keys. The attacker exploited the platform and minted a total of 3.38 billion PLA tokens, which was worth nearly $617 million at the time of an incident. However, the attacker managed to convert the tokens for $32.35 million. The stolen funds were transferred to various addresses, with some deposited into the Polygon chain and Binance exchange, while a significant portion remains in the attacker’s address as of February 13, 2024.
Attackers #
The identity of the attacker remains unknown. The attacker used the following Ethereum addresses:
- 0xD151050d43c28690766f50Ce9ea8686c5D243a40
- 0x1cae9eAa76E880fe47A26dd838E5Ec056C289155
- 0xe84d086f2c402d297d05b1bccc06d0e0942ec03c
Losses #
PlayDapp suffered a loss of approximately $32.35 million due to the security breach.
Timeline #
- February 9, 2024, 01:39 PM UTC: The attacker granted minting privilege to himself using a compromised wallet.
- February 9, 2024, 01:45 PM UTC: The first malicious transaction occurred with over $14 million worth of PLA tokens minted.
- February 9, 2024, 01:54 PM UTC: Over $3.5 million worth of tokens were bridged to the Polygon chain.
- February 9, 2024, 05:00 PM UTC: The attacker started depositing tokens to the Binance exchange.
- February 9, 2024, 09:01 PM UTC: PlayDapp posted a tweet, claiming they are working along with partner exchanges to resolve an issue.
- February 10, 2024, 04:20 AM UTC: The part of the tokens were deposited to Gate.io exchange.
- February 10, 2024, 05:28 AM UTC: PlayDapp announced on X about transferring of the rest PLA tokens to a new wallet to safeguard assets.
- February 10, 2024, 01:52 PM UTC: PlayDapp offered a $1 million white hat reward to the attacker.
- February 11, 2024: Neptune Mutual posted detailed analysis of the incident.
Security Failure Causes #
- Compromised Private Key: The root cause of the exploit is reportedly due to the compromise of the private keys of the privileged address.