WonderHero is a popular blockchain NFT (non-fungible token) game where players earn revenue in cryptocurrencies and NFTs through gameplay. According to The Record, the operators of WonderHero have disabled the service after hackers stole about $320,000 worth of Binance Coin (BNB). This gaming platform was breached after hackers gained access to its private keys.
According to a blog post from WonderHero, they explained that the attack was on their “cross-chain bridging withdrawal,” referring to their cross-chain bridge, otherwise known as a blockchain bridge. Normally, these allow users to transfer tokens, assets, smart contract instructions, and data between blockchains, however hackers have found ways to gain access to the bridge and steal cryptocurrency during transit, stealing the victims’ assets and causing large financial damage to both company and user.
On top of this, the attack caused the price of WonderHero’s own coin, WND, to plummet by more than 90%.
Who were the victims?
The platform currently has about 11,000 active users. It is reported that WonderHero will try to release new coins to their users instead of using the existing coins. The timeframe for users receiving compensation will be announced at a later date.
How could it have been prevented?
Eclypses MTE® Technology would have been a solution as it does not rely on key repositories or private keys, which is one of the biggest weaknesses in blockchain and cryptocurrency today. Whoever has the keys has access to the data (encrypted data, cryptocurrency data, anything the private key was trying to protect is now exposed to anyone with a key). This security structure causes many crypto companies to face a similar problem – trying to find a way to protect private keys. These companies typically use a vault-type database, rotate master keys and then hide them in the hopes that they will remain secure. However, hackers have become aware of this common practice and its vulnerabilities and take advantage of it to gain access to private keys and subsequently user data.
With MTE Technology, wallet holders have a uniquely paired endpoint making it so private keys are not required removing the vulnerability they create. Only the wallet holder can ever access the data, preventing hackers from ever being able to duplicate an endpoint or forge a transaction. MTE technology should be installed on all blockchain-based cryptocurrency wallets.