WonderHero game disabled after hackers steal $320,000 in cryptocurrency
Image: Priscilla Du Pree
Jonathan Greig April 7, 2022

WonderHero game disabled after hackers steal $320,000 in cryptocurrency

WonderHero game disabled after hackers steal $320,000 in cryptocurrency

The operators of cryptocurrency play-to-earn game WonderHero have disabled the service after hackers stole about $320,000 worth of Binance Coin (BNB).

The attack caused the price of WonderHero’s own coin, WND, to plummet more than 90%

WonderHero is one of many popular games where players earn revenue in cryptocurrencies and NFTs through gameplay. The platform currently has about 11,000 active users.

But on Thursday morning, blockchain analysis firm PeckShield notified the company that a hacker was exploiting the platform. WonderHero quickly disabled the game and its website before telling users it was aware of the price drop in WonderHero’s coin.

By Thursday afternoon, the company released a blog post confirming that the hackers had stolen a total of 750 BNB after minting 80 million WND. The hackers then sent the 750 BNB to a cryptocurrency mixer called PancakeSwap. 

They explained that the attack was on their “cross-chain bridging withdrawal.” A cross-chain bridge – also known as a blockchain bridge – allows people to transfer tokens, assets, smart contract instructions and data between blockchains. They have become a ripe target for hackers in recent months and exploits in bridges have led to millions of dollars in losses. 

WonderHero said it would work to fix the breach on their cross-chain bridge before auditing the entire system and creating a new contract for WonderHero’s coin. They said they plan to “airdrop” new WND tokens to users based on a snapshot prior to the attack. 

They also plan to compensate all liquidity providers but said the timeline for a recovery of services will be announced at a later date. They also said they have plans to create a bug bounty program to identify other vulnerabilities. 

“Users can be assured that their HON, WND, NFT and accounts on Polygon are safe. WonderHero website, marketplace, game and other services will be temporarily disabled as the team works on the rectification,” the company said. 

“A snapshot of users’ assets on BNB Chain prior to the attack will be taken. WonderHero is committed to not just making the game fun but also keeping the assets of our players safe and we will spare no effort in doing so. The team will conduct checks and leave no stones unturned.”

The company urged users not to make any trades until the new contract has been issued.

On Twitter, several users criticized the company, questioning whether they will cover the losses of those whose orders came after the price of WND tanked. 

WonderHero did not respond to requests for comment. The attack took place just weeks after another play-to-earn cryptocurrency game, Axie Infinity, was hit with an attack that saw hackers steal about $625 million in cryptocurrency.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.