Hacked Vulcan Forged Says It Has Refunded ‘the Majority’ of Affected Users

Hack Market NFT Non-fungible tokens Wallet
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
Source: AdobeStock / Dmitry

 

The hacked play-to-earn non-fungible token (NFT) platform Vulcan Forged, which offers over six blockchain games, a decentralized exchange (DEX), and an NFT marketplace, said it has refunded the majority of affected users from its treasury.

The platform fell victim to a hack on Monday and lost around USD 140m.

The team detailed that a hacker got hold of the private keys to 96 ‘My Forge’ wallets and ran away with approximately 4.5m vulcan forged (PYR) tokens, which constitutes 9% of the token’s entire supply and 23.7% of its circulating supply.

“All My Forge wallets have been secured. Only a few needing PYR back,” the developers said in a tweet, adding that the new wallet system is expected to go live within two days. 

The team has also shared the wallet responsible for the exploit, claiming that they are working to identify footprints and that they “have isolated the tokens stolen from all [centralized] exchanges.” 

Jamie Thomson, CEO of Vulcan Forged, appeared in a video to give further details about the incident. He said there wasn’t a problem with Venly, the wallet solution provider that the platform uses – rather the hacker managed to attack the semi-custodial wallets.

“What’s happened is that someone’s exploited our servers, got the Venly credentials, and used it to extract the private keys of the MyForge users,” Thomson said.

Thomson insisted that the incident has motivated the team to adopt a 100% decentralized solution. “Going forward, of course, we’re going to be using nothing but decentralized wallets so we never have to encounter this problem again,” he said.

“The attack was possible because all the private keys to all of the project’s wallets were held centrally on a single local network,” Gleb Zykov, Co-Founder and Chief Technology Officer of HashEx, a blockchain advisory and security audits company, told Cryptonews.com, adding that decentralized wallets more known as multisignature wallets make this kind of exploit much more difficult.

“Classic DeFi attacks do not particularly hack anything, they just exploit the opportunities given by smart contracts’ code itself. Sometimes, classic DeFi attacks exploit a sequence of smart contracts using flash loan protocols that allow to borrow uncollateralized loans. In this type of attack, the hacker drags the loaned liquidity through a series of smart contracts to manipulate the market in his or her favor, pockets the profit made through a pump-and-dump operation, and returns the loan. But here the liquidity was just transferred from wallets using the private keys to a different wallet or wallets,” Zykov explained.

Meanwhile, PYR tanked between December 12 and December 13, from USD 32.3 to USD 21.66, losing nearly 33%. At 10:15 UTC on December 15, PYR is trading at USD 21.7, having gone down 6.5% in the past day. 

 

____

Learn more:

Crypto Exchanges in 2022: More Services, More Compliance, and Competition
Hacked AscendEX to Reimburse Users, Says ‘Relatively Small Percentage’ Impacted

Hacked Bitmart to Compensate Crypto Traders After USD 200M Loss
At Least 6,000 Coinbase Clients Robbed This Spring, Exchange Reimburses Losses

Badger DAO Appears to Have Lost Over USD 120M in an Attack
MonoX Team Confirms Exploit, USD 30M+ Might Be Stolen

____
(Updated at 12:37 PM UTC with a comment from Gleb Zykov.)
 

More Articles

Bitcoin News
Bitwise Releases 2025 Crypto Predictions: Bitcoin to $200,000
Hongji Feng
Hongji Feng
2024-12-10 17:59:50
DeFi News
Jupiter DEX Approves Revised Airdrop Proposal After Initial $1.7B Plan Fails
Tim Hakki
Tim Hakki
2024-12-10 17:24:03
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors