February 14, 2024 at 11:15AM
Hackers used a stolen private key to mint and steal over 1.79 billion PLA tokens from the PlayDapp ecosystem. The unauthorized wallet minted 200 million PLA tokens initially, and when PlayDapp offered a reward for returning the stolen contracts and assets, the hackers minted an additional 1.59 billion PLA tokens. This resulted in the suspension of all PLA trading on decentralized exchanges and freezing of the hacker’s wallets on major exchanges to mitigate the breach. Elliptic noted that the amount minted exceeds the total number of PLA tokens in circulation before the breach, impacting legitimate token holders as the price dropped from $0.18 to $0.14 per token. The attack is not attributed to any known threat actors but bears similarities to the Lazarus Group, a North Korean hacking collective previously responsible for executing massive breaches against crypto-gaming platforms.
The meeting notes highlight a significant security breach involving the PlayDapp platform and its native cryptocurrency, PLA tokens. The breach occurred when hackers utilized a stolen private key to mint and steal over 1.79 billion PLA tokens, leading to substantial financial losses and impacting legitimate token holders. In response to the breach, PlayDapp took immediate action, including transferring all held tokens to a new secure wallet, offering a reward to the hacker for returning the stolen assets, and requesting the suspension of PLA trading on decentralized exchanges.
The breach prompted cryptocurrency experts at Elliptic to observe that the value of the stolen tokens would likely be significantly impacted as they exceed the total number of tokens in circulation before the breach. As a result, legitimate PLA token holders have experienced a drop in the token’s value from $0.18 to $0.14 per token. In an effort to mitigate the breach, PlayDapp has suspended deposits and withdrawals, frozen the hacker’s wallets on major exchanges, and advised users to remain vigilant against potential phishing and scams.
Furthermore, the severity and sophistication of the attack have led to suspicions of involvement by the North Korean hacking group, the “Lazarus Group,” which has a history of executing large-scale breaches against crypto-gaming platforms and carrying out significant cashouts.
The incident underscores the importance of robust cybersecurity measures within the cryptocurrency ecosystem and necessitates ongoing vigilance and coordinated efforts to prevent further exploitation and mitigate the impact on legitimate stakeholders.