Author: Hacken
Source: Hacken
The "earn while you play" (P2E) market has become one of the biggest niche markets of Web 3.0. As of the beginning of July 2022, the market value of P2E projects is 6.5 billion US dollars, and the daily trading volume exceeds 850 million US dollars. With more than 3 billion video game players worldwide, the video game industry is likely to be a major conduit for further growth in cryptocurrencies.
P2E has a strong connection to virtual assets, so it shares many of the risks posed by cryptocurrencies, including cybersecurity threats. The more money the industry attracts, the easier it becomes a target for criminals.
In this environment, security becomes one of the most pressing concerns in this niche. So what are the current trends in P2E security? Can we expect to reduce the number of hacks, or create common security standards for the industry?
In March 2022, one of the most famous P2E projects, Axie Infinity, was hacked and lost $625 million, making it the largest hack in the P2E niche to date. Before the attack, the platform was attracting more than 2 million users per day.
Axie Infinity is built on top of its native blockchain, Ronin. Attacking Ronin, the hackers managed to break into Axie Infinity's systems, using keys to verify transactions on the network. By accessing 5 validator nodes (4 of which belong directly to Axie Infinity and 1 is a third-party node run by Axie DAO), they managed to fake a fake withdrawal. The Sky Mavis team believes the hack is related to technical vulnerabilities and social engineering.
Let’s assess the state of P2E cybersecurity using data from encrypted cybersecurity data aggregator CER.live. CER.live analyzes hundreds of metrics from P2E and GameFi projects to create the most comprehensive security ranking.
Currently, the P2E crypto game industry includes more than 170 projects and 44 venture capital funds with a market capitalization of more than $5 million. The top 5 are The Sandbox, Decentraland, Axie Infinity, Stepn and Gala.
The current cybersecurity analysis covers 31 projects and the results are not satisfactory. While only Axie Infinity has had a safety incident, none of those projects have received a safety rating of AAA, AA, or even an A. (CER.live uses a classic rating method, with AAA being the highest rating and D being the lowest. A rating below DDD means an increased risk of future hacking or other security incidents.)
According to the data provided by CER.live, we can see that the GameFi project puts profit above safety, and does not even follow the most basic network security recommendations, leaving a large number of attack entrances for criminals.
Technologist and Farcana CEO Ilman Shazhaev said the next big question is the popularity of blockchain bridges in Play-to-Earn and their vulnerabilities. In Axie's case, however, the hackers were after more than money: By disrupting games played by millions, the hacker's or organization's pseudonym quickly spread as they gained some kind of fame.
Ilman added: "Another breach involved insiders, where hackers bribed a team member who divulged the information they needed, thereby stealing users' funds. The process wasn't always about sharing login credentials: sometimes it was surreptitiously telling hackers vulnerabilities, even in the case of advanced cybersecurity policies.
Of course, we also cannot forget the raw nature of many projects. Many P2E game developers want to get their games to market as quickly as possible: At the same time, some developers forego high-quality code reviews in order to save money and time. "
So, what are the necessary security considerations for GameFi projects?
Automated and manual analysis of code allows detection of vulnerabilities of different severity levels and resolution of security issues and business logic flaws. Among the audited projects, suppliers of smart contract audit services with the lowest incident rate include OpenZeppelin, ConsenSys, and Hacken.
With a bounty program, dozens or even hundreds of ethical hackers simultaneously conduct independent analyzes of a project's security and are rewarded monetaryly for the vulnerabilities they find. The main bug bounty platforms include BugCrowd, HackerOne, HackenProof, ImmuneFi, Synack, and YesWeHack.
With insurance in place, projects and their users can get full or partial refunds for the funds they lost in the hack. The main insurance providers are Nexus Mutual and InsurAce.io and inSure etc.
After Axie Infinity was hacked, many criminals realized that P2E encrypted games have accumulated huge assets, which they can easily steal from through well-planned attacks. Security experts admit that large-scale hacking of P2E games is almost inevitable in the future. The further popularity of P2E and GameFi encryption projects will be accompanied by an increase in cybercrime against these players.
In such situations, players should be aware that they must take care of their own safety. Before committing a large sum of money to a P2E game, users should at least conduct a basic security review of the project using data provided by independent platforms such as CER.live and CoinGecko. Of course, investing in P2E, while still profitable, comes with considerable risks.
In a high-stakes legal showdown, the UK High Court delves into the mystery of Bitcoin's creator as the Crypto Open Patent Alliance challenges Craig Wright's bold claims. With a rejected settlement offer adding drama, the courtroom spectacle unfolds, promising a thrilling saga of legal battles and the quest to unveil the true identity behind Satoshi.
JoyBithumb slashes fees and expands Maker Rewards, offering luxury benefits to black level members, setting new industry standards for value and service.
BrianWeb3Auth launches 'Wallet Services,' aiming to streamline web3 development with pre-built templates and introduces 'Pregenerated Wallets' for simplified user engagement.
JoyOKX Web3 Wallet pioneers by integrating ARC-20, SRC-20, DRC-20, and Runes, revolutionizing the Web3 industry with diverse tokens, zero-fee NFT trading, and post-Bitcoin halving prospects.
WeiliangTaproot Wizards' Quantum Cats faces its third delay, spotlighting challenges and potential in the evolving digital asset and blockchain industry.
MiyukiStride's stTIA launch and STRD airdrop enhance Cosmos' DeFi, rewarding users, fostering community growth, and promoting long-term stability through strategic token distribution and inclusive participation mechanisms.
WeiliangFetch.ai confronts legal challenges with a strategic shift from the UK to Dubai, navigating a transformative journey in the blockchain realm. Founder Humayun Sheikh's resilience and FET cryptocurrency's market impact signify Fetch.ai's commitment to innovation amid adversity.
JoyTreasureDAO delays its Litepaper release, integrating MAGIC as Gas, heralding a strategic evolution in the blockchain gaming sector.
MiyukiThe SEC's extension on the Invesco Galaxy Ethereum Spot ETF decision signifies a critical juncture in integrating cryptocurrency into regulated financial markets, balancing innovation with market integrity.
AlexGoMining revolutionises Bitcoin mining by leveraging powerful computers, LBH tokens, and NFTs, democratising the industry. With a low-risk profile, a market value of $0.39, and innovative features like the Mine Box Collection, GoMining paves the way for accessible and rewarding cryptocurrency investments.
Joy