PlayDapp suffers $300 million exploit, hacker minted 1.59B tokens

The PlayDapp gaming platform and its associated NFT marketplace have been hit by a security exploit, leading to the unauthorized creation and theft of PLA tokens valued at millions of dollars.

Blockchain analysis firm Elliptic revealed that an exploit on February 9 involved the minting of 200 million PLA tokens, worth nearly $36.5 million at the time, by an unauthorized wallet. This incident is believed to stem from a compromise of a private key.

Following the initial exploit, PlayDapp reached out to the exploiter, offering a $1 million reward for returning the stolen funds. However, negotiations failed, and the hacker proceeded yesterday to mint an additional 1.59 billion PLA tokens. Valued at around $290 million, based on their market value at the time of the thefts, the hacker started laundering these tokens through various cryptocurrency exchanges.

“The wallets associated with the exploiter have already been labelled in Elliptic’s tools – allowing exchanges and other service providers to identify whether they are receiving the proceeds of this hack,” said Elliptic.

Given the original circulating supply of PLA tokens was 577 million, Elliptic notes that the exploiter may struggle to sell the newly minted 1.8 billion tokens at their pre-hack market value. In response to the breach, PlayDapp announced on X that the PLA smart contract had been paused to prepare for a potential token migration and snapshot to protect holders’ assets.

PlayDapp said it’s actively working with crypto exchanges, blockchain forensic firms, and law enforcement to address the situation. The platform is tracking the minted and swapped tokens and exploring possible solutions, including an airdrop, to mitigate the impact on its community. As of February 13, the PLA token’s value had dropped by 2.9% over the previous 24 hours, trading at $0.15.

Elliptic’s product helps banks to assess hundreds of crypto exchanges operating worldwide. Called ‘Elliptic Discovery,’ this solution is purpose-built for banks to enable them to identify crypto exchanges that are complying with strict regulatory standards. Discovery boasts a database of hundreds of exchanges, collected since 2013, including their owners, jurisdiction, regulatory status, and compliance policies.