According to Foresight News, blockchain gaming platform PlayDapp has released a post-hack report, revealing that the theft occurred due to a domain spoofing email received by PlayDapp on January 16. The email was disguised as a partner exchange of PlayDapp, and upon opening the attachment in the email, malicious code was executed, installing a tampered remote access multi-session tool. Subsequently, the hacker remotely controlled the PC, resulting in the theft of the administrator's private key.
On February 9, the hacker illegally used the stolen private key to change the contract's full permissions to their account, removed the existing administrator's authorization, and invalidly minted 200 million PLA tokens to their account. PlayDapp stated that domain owners, in this case, the exchange, can prevent such domain spoofing by setting up a simple security measure called DMARC. Previously, Foresight News reported that PlayDapp was hacked in February, with the hacker minting tokens twice. PlayDapp decided to migrate the tokens from PLA to PDA at a 1:1 ratio.
