The PlayDapp security breach has escalated significantly, with total losses now surpassing $290 million. As per findings from blockchain analytics company Elliptic, the breach led to the pilfering of millions in PLA tokens, the digital currency fueling PlayDapp’s gaming ecosystem and NFT exchange.
Released on Tuesday, Elliptic’s report disclosed that an illicit wallet, likely acquired through compromised private keys, generated 200 million PLA tokens valued at $36.5 million on February 9th.
PlayDapp’s Negotiation Attempt Backfires
In the aftermath of the incident, PlayDapp endeavored to engage in negotiations with the hacker, transmitting an on-chain message urging the return of the pilfered funds by February 13, accompanied by a $1 million white hat reward offer. Despite these attempts, they proved fruitless.
“Efforts to reach an agreement with the hacker were unsuccessful as they displayed no inclination to assist in recovering holders’ losses,” stated PlayDapp in a declaration on Tuesday.
Instead, the hacker escalated the crisis by generating an additional 1.59 billion PLA tokens, valued at an astonishing $253.9 million, on February 12. Subsequently, they initiated the process of laundering the funds through various cryptocurrency exchanges.
Elliptic highlighted that prior to the breaches, the total circulating supply of PLA tokens stood at 577 million, which rendered it challenging for the exploiter to vend the newly minted 1.8 billion tokens at a value anywhere near their previous market rate.
On February 13, PlayDapp announced via the social media platform X that they had initiated a temporary pause on the PLA smart contract. This decision was made to facilitate a snapshot for migration purposes, underscoring their dedication to safeguarding holders’ assets and committing to transparent communication with the community.
Additionally, PlayDapp disclosed their active engagement with cryptocurrency exchanges, blockchain forensic firms, and law enforcement authorities to address the breach effectively.
The project also revealed their ongoing efforts to monitor the minted and exchanged tokens diligently, while exploring potential migration strategies, including the consideration of an airdrop.
As of February 13, the PLA token was trading at $0.15, indicating a 2.9% decline within the preceding 24 hours.
Coinbase Pauses PLA Trading
On Wednesday, Coinbase made the decision to suspend PLA token trading following the project’s temporary pause on its smart contract.
“We will continue to monitor developments related to PLA from the issuer and update our customers as more information becomes available,” stated Coinbase on X.
Reports indicate that malicious actors have absconded with $38.9 million from several Web3 projects in the initial month of 2024.
One of the earliest significant cryptocurrency breaches of the year transpired when Radiant Capital suffered a $4.5 million loss resulting from an empty market exploit.
Gamma Strategies, another platform affected by security breaches, fell victim to a flash loan attack on January 4, shortly after the incident involving Radiant Capital.
Exploiting a code bug, the attackers managed to extract $6.1 million from Gamma’s publicly accessible vaults.
On January 16, Socket, a multichain protocol, experienced a security breach resulting from a vulnerability in user verification input. This flaw enabled hackers to pilfer nearly 2,000 ETH, amounting to over $4 million.
Despite the breach, Socket successfully recovered 1,032 ETH (equivalent to approximately $2.3 million) and proceeded to reimburse all affected users as part of its initiative to restore user funds.