WonderHero acknowledged in a press notification that “there was an exploit on our cross-chain bridging withdrawal,” and that “the hackers succeeded to have the signature and created 80 million $WND,” the game’s coin. The value of WonderHero’s token (WND) dropped about 50% on Thursday morning when the hacker checked out, as per CoinMarketCap statistics.
“We realize that the community is worried about the abrupt WND price drop,” the business remarked on Twitter before admitting the breach. “Our staff is investigating this situation and will provide a report as early as possible,” WonderHero tweeted.
The firm announced that it was halting almost all activities, including gaming facilities, smart contracts, deposits, withdrawals, and trading services, in a separate tweet.
As per the game’s website, WonderHero is an anime-based mobile RPG themed in a scenario when “Earth has been contaminated by the fallout of nuclear conflict, with the remaining humankind moving to occupy the large space station, Icarus VI.”
Characters, arms and ammunition, and accessories are all NFTs that gamers accumulate. To enhance them, users must buy or gain WND, the game’s cryptocurrency. The attack comes less than a week after a hacker swindled over $600 million in bitcoin from a bridge run by Axie Infinity, which is yet another play-to-earn (p2e) game. As per the business, the hacker “utilized hacked login details to generate fraudulent withdrawals” in that instance.
These are the services we suspended & we will give an update asap:
1. suspending game services
2. close bridge services
3. removing liquidity
4. pause smart contracts
5. stop all deposits, withdrawals and trading services— WonderHero (@Wonderhero_io) April 7, 2022
In simple words, the hacker seized command of a portion of the Ronin network’s validator nodes, which are permitted to check and clear transactions, by exploiting a gateway in the Ronin network, a blockchain meant to interface with the Ethereum blockchain-based Axie Infinity.
The WonderHero hacker most likely got the firm’s private key, which enabled them to issue additional tokens, according to Tal Be’ery, a cybersecurity expert and the chief technology officer of ZenGo, a cryptocurrency wallet software.
“What evidence do we have that the private key was taken? You’ll require access to the private key to authenticate the required transaction in order to include another individual or entity as a ‘miner,” Be’ery explained Motherboard in an online discussion. “There’s really no method to tell how the hackers acquired the code, but it’s certain they did.”
On April 7, 2022 around 7:00 AM +UTC, WND token price dropped by 99%.
An unverified contract added their contract to the MINER_ROLE and then minted 80,000,000 $WND
They then swapped the $WND for 744 $BNB ~$320,000 USD).https://t.co/lLzQQMSrHY
— CertiK Alert (@CertiKAlert) April 7, 2022
Hi @wonderhero_io: you may want to take a look: https://t.co/0gCqWnjuEe
— PeckShield Inc. (@peckshield) April 7, 2022
Certik, a crypto cybersecurity outfit, described the event as a “likely hack” on Twitter. Another crypto security firm, PeckShield, tweeted @ WonderHero, citing to the alleged hacker’s activity on the Binance Smart Chain and adding, “you might just want to take a closer look.” Somebody transferred 80 million WND tokens valued over $300,000 into their online wallet from a null address associated to the venture, according to the action. All of the tokens in that wallet have been removed.
The organization pledged in its statement that it will build a novel smart contract and “fairly” reward all of its backers with fresh tokens depending on how much WND they held prior to the theft.