PlayDapp hacker attack report: Administrator’s private key stolen due to domain name spoofing email

According to news on April 1, the blockchain game platform PlayDapp released a post-hacking report. The reason for the theft was that PlayDapp received a domain name spoofing email from a hacker on January 16. The email was disguised as a cooperative exchange of PlayDapp. PlayDapp opened the email After the attachment in the email, the malicious code was executed and a tampered remote access multi-session tool was installed. Subsequently, the hacker took remote control of the PC, resulting in the administrator's private key being stolen. On February 9, a hacker illegally used the stolen private key to change all the contract’s permissions on its account, delete the authorization of the existing administrator, and effectively minted 200 million PLA tokens to its account. PlayDapp says domain owners (in this case, exchanges) can prevent this type of domain spoofing by setting up a simple security measure called DMARC. Golden Finance previously reported that PlayDapp was hacked in February, and the hackers minted tokens twice. PlayDapp decided to migrate the tokens from PLA to PDA on a 1:1 basis.