PlayDapp’s smart contract exploit enters its fifth day, accumulating over $290 million in losses, marking the largest hack since 2022.
The PlayDapp security breach was previously reported by crypto.news on Feb. 9th, when an unauthorized addition to the PLA token’s minting address was identified by several security analysts, immediately plummeting the token’s value. The incident has continued to unfold throughout the week, as major exchanges like Coinbase have suspended PLA trading.
PlayDapp has paused the PLA smart contract and proposed a migration plan to shift to a new ‘PDA’ token for the network, which will have improved security measures like multi-signature implementation.
The PLA smart contract has been paused. We kindly request the halt of transactions to conduct a snapshot for migration. Please understand that we are doing everything to protect holders’ assets, and we will continue to keep the community updated.
— PlayDapp (@playdapp_io) February 13, 2024
You might also like: Bitcoin ETFs see 14 consecutive days of net inflows as crypto market cap crosses $2t
Analysts from the blockchain security platform Cyvers have provided a detailed breakdown of how the breach occurred, as the attacker added their address as a minter and minted 200 million PLA tokens worth $31 million.
On Feb. 12, the hacker still had access to the smart contract and minted an additional 1.59 billion PLA tokens worth $223 million. Some tokens are deposited to exchanges such as Paribu and HTX. PlayDapp also contacted the hacker via on-chain messages to return the stolen contracts for a substantial reward.
Since the attack, the PLA has been down by over 15%.