Hackers attack Vulcan Forged, crypto-gaming platform; over $140 million USD stolen

The crypto-gaming platform known as Vulcan Forged reports being the target of a massive cyberattack that generated losses of more than $140 million USD in virtual assets. The company mentions that the hackers would have accessed 96 e-wallets, which allowed them to steal almost 25% of the total assets stored in Vulcan Forged.

Through his Twitter account, Vulcan Forged CEO Jaime Thomson acknowledged the incident and posted some updates about it, highlighting that the attack was possible due to the use of a certain online wallet: “We currently use Venly, a semi-guarded online wallet that, as far as we knew, had never been hacked. The attackers exploited our servers and obtained the Venly credentials of the affected users.”

Thomson says Vulcan Forged will stop using decentralized wallets, hoping to prevent a similar incident in the future. In other words, the company will begin allowing users to manage their own wallet keys instead of taking responsibility for these keys on its servers.

Hackers managed to steal assets in cryptocurrencies such as Ether, Polygon and PYR, Vulcan Forged’s native cryptocurrency whose value plummeted after the incident. The platform’s administrators have asked members of their community to withdraw funds from liquidity pools on decentralized exchange platforms.

Apparently, threat actors have already traded small batches of PYR for Ether. According to a specialized firm, at least $2 million USD is in a compromised wallet under the control of the attackers; this report also notes that affected users have been asked to create MetaMask accounts to receive their compensation.

Attacks against cryptocurrency platforms continue to be a growing trend; in October, a major hacking attack cost the Ethereum-powered lending protocol called Cream Finance some $130 million in digital assets.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.