Popular mobile RPG with GameFi instruments, WonderHero, seems to be under hacker attack
WonderHero, a mainstream multi-platform GameFi for iOS and Android devices, sees its smart contract explored. It looks like hackers started to sell the loot immediately.
WonderHero play-to-earn game exploited, WND token plummets
Today, April 7, 2022, at 7:02 a.m. UTC, 80 million WND (almost $30 million by press time) was moved in a massive transaction from the contract of WonderHero mobile play-to-earn game. This was noticed by flagship cybersecurity vendor PeckShield.
Hi @wonderhero_io: you may want to take a look: https://t.co/0gCqWnjuEe
— PeckShield Inc. (@peckshield) April 7, 2022
The team of the game immediately shut down the website and restricted all operations with in-game liquidity. It also asked supporters to avoid WND trading until further notice.
The investigation is still underway, but it looks like someone compromised the private key of Wonderhero’s core wallet. The WND price immediately dropped to an all-time low of $0.36.
The allegedly stolen tokens are transferred to PancakeSwap (CAKE) DEX en masse: the attackers managed to exchange them for over 70 Binance Coins (BNB).
Largest hack in P2E segment?
CertiK, another high-profile blockchain security team, has confirmed that what has happened looks like a hack with a private key involved.
The project @Wonderhero_io symbol $WND has suspended service due to a possible hack. WonderHero may have experienced a private key leak.
DO NOT INTERACT! pic.twitter.com/fDFaroU0kb
— CertiK Alert (@CertiKAlert) April 7, 2022
Should this be true, this attack is the most devastating one so far in the play-to-earn segment. As covered by U.Today previously, on March 29, 2022, the hackers drained Axie Infinity sidechain Ronin (RON) of $625 million.
Thus, it took less than a week for the malefactors to print new records in terms of hacks in the DeFi and GameFi spheres.