Probably most involved in Splinterlands or being around it have already find out that the game recently experienced a security incident that resulted in the theft of approximately 6 million SPS and 8 million DEC tokens which in the current market conditions accounted for up to $200,000. The stolen tokens were dumped right away on the markets causing a drop in price for $SPS and also significant concern among the game's community, including myself. In an official announcement, Splinterlands revealed that the theft occurred from old, no longer used hot wallets deployed on a certain infrastructure that were previously used for bridges between the Splinterlands game and the Binance Smart Chain (BSC) and Ethereum (ETH) chains before Terablock took over. With the new technology changes Splinterlands has moved to more secure solutions, but I think that was a good hit that it took.
Hot wallets
Based on the team statements, a key risk and weak point that led to this hack was the failure to remove tokens from old hot wallets that were no longer in use. Keeping tokens in hot wallets, which are online wallets connected to the internet and deployed on weak infrastructure, poses a higher risk of being compromised by hackers compared to cold wallets, which are offline wallets not connected to the internet. In this case it looks like the hot wallets were not properly maintained and monitored, leading to the theft of tokens.
Weak or deprecated infrastructure
Another risk was the lack of thorough security measures and protocols in place to protect the hot wallets. It is unclear how the wallets were compromised, and this highlights the importance of robust security practices, such as multi-factor authentication, multi-key signatures, regular audits, encryption and other methods to prevent unauthorized access to infrastructure and wallets and safeguard the assets stored in them.
Old bridges
Furthermore, the reliance on old bridges between different blockchain networks can pose vulnerabilities that might have been exploited by hackers. Blockchain interoperability is still a relatively new and rapidly evolving field, and vulnerabilities in bridging mechanisms can be exploited by malicious actors to gain unauthorized access to wallets or transfer tokens. And we've seen this in multiple projects, even here on the Hive blockchain when expanding into other ecosystems.
Splinterlands has acknowledged the oversight even in the last AMA and has committed to conducting a thorough review of all hot wallet security to prevent similar incidents in the future. Probably we will see in a future statement the results of it, even if it is a sensitive subject to talk about. But if you don't talk you stop being transparent and people like myself might wondered about the security of the game assets, including the DAO Treasury. Tis incident serves as a reminder to the broader blockchain and cryptocurrency community about the importance of robust security practices, regular audits, and staying updated with the latest security protocols to protect digital assets from potential hacks and thefts. Better use a cold wallet above all or at least ensure keeping your keys safe one way or the other!
Come and join the amazing world from the Splinterlands!
Posted Using LeoFinance Beta
