PlayDapp hacker attack report: Administrator’s private key stolen due to domain name spoofing email
According to news on April 1, the blockchain game platform PlayDapp released a post-hacking report. The reason for the theft was that PlayDapp received a domain name spoofing email from a hacker on January 16. The email was disguised as a cooperative exchange of PlayDapp. PlayDapp opened the email After the attachment in the email, the malicious code was executed and a tampered remote access multi-session tool was installed. Subsequently, the hacker took remote control of the PC, resulting in the administrator's private key being stolen. On February 9, a hacker illegally used the stolen private key to change all the contract’s permissions on its account, delete the authorization of the existing administrator, and effectively minted 200 million PLA tokens to its account. PlayDapp says domain owners (in this case, exchanges) can prevent this type of domain spoofing by setting up a simple security measure called DMARC. Golden Finance previously reported that PlayDapp was hacked in February, and the hackers minted tokens twice. PlayDapp decided to migrate the tokens from PLA to PDA on a 1:1 basis.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Matrixport: Bitcoin will surge 150% in 2024, and a bull market can be expected in 2025
SUI fell below 4.5 US dollars
Sui now supports USDC cross-chain