Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The blockchain gaming platform PlayDapp was hacked, with the attacker's address being added as a minter, minting 200 million PLA tokens (valued at $36.5 million). Shortly after the incident, PlayDapp sent a message to the attacker through on-chain transactions, requesting the return of the stolen funds and offering a $1 million bug bounty reward, but negotiations ultimately failed. On February 12, the hacker minted an additional 1.59 billion PLA tokens, valued at $253.9 million, and began transferring them through cryptocurrency trading platforms. On February 13, PlayDapp announced on Twitter that the PLA smart contract had been paused, while also advising users to cease trading for migration snapshots and stating that every effort is being made to protect holders' assets. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 290,000,000.
- chain
- —
- protocol
- PlayDapp
- bug_class
- private-key
- date_occurred
- 2024-02-09
- loss_usd
- $290,000,000
- source_id
- sm:playdapp::2024-02-09