Reading time: ~2 m
A report from a cybersecurity audit company indicates that GameFi (Play-to-Earn) projects pose a high risk of hacking to their users, as they focus more on making money than on security.
Риски Play-to-Earn
Inadequate cybersecurity measures in play-to-earn cryptocurrency gaming projects lead to serious risks for the GameFi industry and its users, Hacken, an audit firm, worries.
In his report, Hacken points out that such projects often do not pay enough attention to security issues, and are aimed at extracting maximum profit:
“GameFi project developers do not follow even the most basic and important cybersecurity principles, thereby hackers are able to exploit numerous vulnerabilities.”
Most Play-to-Earn projects have implemented non-fungible tokens (NFTs) and cryptocurrencies. The largest of these projects, Axie Infinity (AXS) and StepN (GMT), in addition to those listed above, use token bridges, various blockchain networks, and even real goods for their operation.
The Hacken auditing company conducted a study of 31 projects, and none of them could receive the highest AAA security rating. And 16 projects received the worst grade – D.
When determining the rating, various indicators were taken into account: the presence of an audit of tokens, the payment of remuneration for identifying errors, the publicity of the company.
A large number of projects receive a low score because they do not insure their obligations to users in case of hacker attacks.
Of all the projects tested, only two pay rewards for finding bugs. These are Axie Infinity and Aavegotchi.
14 out of 31 projects have fully completed the audit of their tokens, but only 5 of them have audited their platform, which allows you to find vulnerabilities in the entire project ecosystem. This five looks like this: Aavegotchi, The Sandbox, Radio Caca, Alien Worlds and DeFi Kingdoms.
A vulnerability in the Ronin cryptocurrency bridge led to a massive theft of over $600 million from the Axie Infinity project. Therefore, it is unjustified from the point of view of safety not to pay due attention to such bridges.
Hacken predicts that as Play-to-Earn projects become more popular, the number of attacks on them will only increase. The company advises users to independently assess the risks of projects before investing large sums in them.
“Remember that investing in the Play-to-Earn industry can bring high returns, but be aware of the risks,” the report concludes.
Yesterday, cryptanalyst Miles Deutscher asked on Twitter where to expect new attacks in the crypto space:
“We have gone through the following stages:
- >Memcoins are not safe
- > DeFi pyramids are insecure
- > Stablecoins are insecure
- > Top 10 L1 unsafe
- > Bridges are not safe
- > CEXs (centralized exchanges) are not safe
- > Wallets are insecure
What to expect next?
Author: Elvir, analyst Freedman Сlub Crypto News
#PlaytoEarn #targeted #hackers
