Major hacks in play-to-earn crypto games are ‘a matter of time’ – Report
“Unsatisfactory” cybersecurity measures among play-to-earn (P2E) crypto games pose a great risk to GameFi projects and their players, warns blockchain cybersecurity auditor Hacken.
In an Aug. 1 report shared with Cointelegraph, Hacken said data indicates that Gaming Finance (GameFi) projects, the category P2E games would fall into, “often put profits above safety” by releasing products without taking proper precautions against hackers.
“GameFi Projects […] fail to follow even the most essential cybersecurity recommendations, leaving malicious actors with many entry points for attacks.”
P2E games often incorporate non-fungible tokens (NFTs) into their ecosystems in addition to crypto. The biggest projects, such as Axie Infinity (AXS) and Stepn (GMT), use a wide range of products designed to improve the gaming experience, such as token bridges, blockchain networks or physical goods.
Hacken researchers found that, based on data collected by cryptographic security ranking service CER.live, there were serious gaps in GameFi cybersecurity in particular. They found that out of 31 GameFi tokens studied, none received the highest AAA security rating, while 16 received the worst D score.
Each project’s rankings were determined by weighting various aspects of their cybersecurity, such as token audits, whether they have bug bounty and insurance, and whether the team is public.
Hacken’s report explained that GameFi projects generally scored low because it found that no P2E projects had insurance coverage that could help projects recover funds immediately in the event of a hack.
The lack of insurance is partially confirmed by the marketing director of crypto insurance company InsurAce, Dan Thomson, who told Cointelegraph on Thursday that the company does not cover any P2E projects.
The report also revealed that only two projects have an active bug bounty program in place. Axie Infinity and Aavegotchi have bug bounties that provide monetary compensation to hackers for finding bugs in the project’s code.
Finally, the report found that while 14 projects received a token audit, only five completed a platform audit that could find potential security vulnerabilities across the entire project ecosystem. These include Aavegotchi, The Sandbox, Radio Caca, Alien Worlds, and DeFi Kingdoms.
The report also highlighted token bridges as a vulnerability for P2E games. Axie Infinity’s Ronin token bridge was the site of one of the biggest crypto industry hacks ever when it lost over $600 million in tokens in March.
As P2E games grow in popularity, there will likely be an increase in the number of security exploits and the dollar value stolen from projects, Hacken said. The company advised players to do their own security check of projects before dropping a large sum of money into them.
“And, of course, keep in mind that investing in P2E is still a potentially profitable but quite risky business.”
On August 3, crypto analyst Miles Deutscher rhetorically asked where the next crypto security problem might come from. Deutscher may have his answer.
We went from:
> Meme coins are not safe
> DeFi ponzis not being safe
> Stablecoins are not safe
> Top 10 N1s not being safe
> Bridges are not safe
> CEXs are not safe
> Wallets are not safe
— Miles Deutscher (@milesdeutscher) August 4, 2022