Latest Splinterlands hack reminds us of the risks and weak point of hot wallets
Probably most involved in Splinterlands or being around it have already find out that the game recently experienced a security incident that resulted in the theft of approximately 6 million SPS and 8 million DEC tokens which in the current market conditions accounted for up to $200,000. The stolen tokens were dumped right away on the markets causing a drop in price for $SPS and also significant concern among the game's community, including myself. In an official announcement, Splinterlands revealed that the theft occurred from old, no longer used hot wallets deployed on a certain infrastructure that were previously used for bridges between the Splinterlands game and the Binance Smart Chain (BSC) and Ethereum (ETH) chains before Terablock took over. With the new technology changes Splinterlands has moved to more secure solutions, but I think that was a good hit that it took.
Hot wallets
Based on the team statements, a key risk and weak point that led to this hack was the failure to remove tokens from old hot wallets that were no longer in use. Keeping tokens in hot wallets, which are online wallets connected to the internet and deployed on weak infrastructure, poses a higher risk of being compromised by hackers compared to cold wallets, which are offline wallets not connected to the internet. In this case it looks like the hot wallets were not properly maintained and monitored, leading to the theft of tokens.
Weak or deprecated infrastructure
Another risk was the lack of thorough security measures and protocols in place to protect the hot wallets. It is unclear how the wallets were compromised, and this highlights the importance of robust security practices, such as multi-factor authentication, multi-key signatures, regular audits, encryption and other methods to prevent unauthorized access to infrastructure and wallets and safeguard the assets stored in them.
Old bridges
Furthermore, the reliance on old bridges between different blockchain networks can pose vulnerabilities that might have been exploited by hackers. Blockchain interoperability is still a relatively new and rapidly evolving field, and vulnerabilities in bridging mechanisms can be exploited by malicious actors to gain unauthorized access to wallets or transfer tokens. And we've seen this in multiple projects, even here on the Hive blockchain when expanding into other ecosystems.
Splinterlands has acknowledged the oversight even in the last AMA and has committed to conducting a thorough review of all hot wallet security to prevent similar incidents in the future. Probably we will see in a future statement the results of it, even if it is a sensitive subject to talk about. But if you don't talk you stop being transparent and people like myself might wondered about the security of the game assets, including the DAO Treasury. This incident serves as a reminder to the broader blockchain and cryptocurrency community about the importance of robust security practices, regular audits, and staying updated with the latest security protocols to protect digital assets from potential hacks and thefts. Better use a cold wallet above all or at least ensure keeping your keys safe one way or the other!
Come and join the amazing world from the Splinterlands!
Posted Using LeoFinance Beta
https://twitter.com/1255875963726041089/status/1648992397949280256
The rewards earned on this comment will go directly to the people( @behiver ) sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.
Ah that sucks I didn’t hear about it until now. That’s a hard hit but the most impactful lessons are usually the most painful ones. Glad it was 200k and not 500k! Still a hell of a hit in times like this.
Posted Using LeoFinance Beta
Yeah, lucky enough it wasn't a big lose, but it still bites.
Posted Using LeoFinance Beta
Great caption image! and yes totally scary especially considering as theres many with decent sized accounts.
Right and the assets value is growing now with the land expansion. Somebody wanting to scam me for my Keep saying he will give me $20k. It made me laugh how stupid the scammer was, but I guess some still get trapped by it.
Posted Using LeoFinance Beta
Apparently the team got too rich that they can afford to idle millions of tokens on unused wallets.
Yeah, that was quite unexpected. I hope that the DAO Treasury is well guarded and has enough security measures.
Posted Using LeoFinance Beta
Hearing it first here. Hmmn.
Posted Using LeoFinance Beta
Hearing this for the first time too, but the teams must avoid such mistake in the near future.
This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.
Do you know that you can earn a passive income by delegating your Leo power to @india-leo account? We share 100 % of the curation rewards with the delegators.
100% of the rewards from this comment goes to the curator for their manual curation efforts. Please encourage the curator @bhattg by upvoting this comment and support the community by voting the posts made by @indiaunited.
lolztoken.com
This Post Was Manually Curated by the FUN Curation Team.
Help reward #fun content creators by joining our curation trail on Hive.Vote.
Or Delegate Hive to @lolz.curate and earn LOLZ farming rewards.
Click to delegate 10, 25, 50, 100, or 1000 HP with HiveSigner.
Loose ends should always be sorted out and solved before they get exploited by malicious actors. $200K is a lot in a bear market.
It's too bad to see that but at least it wasn't a huge amount. Applications will need to focus on security and making sure that everything is safe for all users.
Posted Using LeoFinance Beta
Do you know you can win a Chaos Legion pack and many other things just by following some simple steps ?? Check out our Latest Daily Showcase and Participate our latest Giveaway. Thanks
Thanks for sharing! - @alokkumar121
