Compromised Deployer Address
On February 9th, Cyvers Alert reported suspicious transactions on PlayDapp’s network. An unauthorized entity gained access to the deployer address, allowing them to mint 200 million PLA tokens worth $31 million. The stolen assets were distributed to various addresses, including $5.9 million worth of PLA deposited on Gate.io exchange.
PlayDapp confirmed the attack and took immediate action to contain the situation. They notified partner exchanges to suspend trading and address the unauthorized tokens. Additionally, all locked and unlocked PLA tokens were transferred to a new wallet protected from the hacker’s influence.
Contacting the Hacker
PlayDapp sent an on-chain message to the hacker, offering a reward for the return of stolen assets and contracts. The platform threatened to involve the US Federal Bureau of Investigation (FBI) and other law enforcement agencies if the hacker refused. PlayDapp also promised to place a public bounty on the hacker and hire an anonymous blockchain security firm.