“Unsatisfactory” cybersecurity measures in play-to-earn (P2E) cryptogames pose a major risk to both GameFi projects and their gamers, warns blockchain cybersecurity auditor Hacken.
In an Aug. 1 report shared with TSWT, Hacken said data indicates that Gaming Finance (GameFi) projects, the category under which P2E games would fall, often “put profits over safety” by releasing products without taking appropriate precautions against hackers.
“GameFi Projects […] fail to follow even the most essential cybersecurity recommendations, leaving malicious actors with numerous entry points for attacks.”
P2E games often contain non-fungible tokens (NFTs) in their ecosystems alongside crypto. The largest projects, such as Axie Infinity (AXS) and Stepn (GMT), use a wide range of products designed to enhance the gaming experience, such as token bridges, blockchain networks or physical merchandise.
Hacken researchers found, based on data collected by the crypto security ranking service CER.live, that there were particularly serious flaws in GameFi’s cybersecurity. Of the 31 GameFi tokens studied, none received the highest security ranking, AAA, while 16 received the worst score, D.
The rankings for each project were determined by weighing various aspects of their cybersecurity, such as token audits, whether they have bug bounty and insurance, and whether the team is public.
Hacken’s report explained that GameFi projects typically scored low because no P2E project had insurance coverage, which could help a project get its funds back immediately in the event of a hack.
The lack of insurance is partially confirmed by Dan Thomson, the chief marketing officer of crypto insurer InsurAce, who told TSWT on Thursday that it was not covering P2E projects.
The report also found that only two projects have an active bug bounty program. Axie Infinity and Aavegotchi have bug bounties that award monetary compensation to white hat hackers for finding bugs in the project’s code.
Finally, it found that while 14 projects received a token audit, only five completed a platform audit that could find potential vulnerabilities across the project’s ecosystem. These include Aavegotchi, The Sandbox, Radio Caca, Alien Worlds, and DeFi Kingdoms.
The report also pointed to token bridges as a vulnerability for P2E games. Axie Infinity’s Ronin Token Bridge was the site of one of the crypto industry’s biggest hacks ever when it lost more than $600 million worth of tokens in March.
As P2E games grow in popularity, there will likely be an increase in the number of security exploits and the dollar value stolen from projects, Hacken said. The company has advised gamers to conduct their own security checks on projects before investing a large sum of money in them.
“And of course keep in mind that investing in P2Es remains a potentially profitable but quite risky business.”
On August 3, crypto analyst Miles Deutscher rhetorically asked where the next crypto security concern might come from. Deutscher may have his answer.
We went from:
> Meme coins are not safe
> DeFi ponzi is not safe
> Stablecoins are not safe
> Top 10 L1s That Are Not Safe
> Bridges not safe
> CEXs are not safe
> Wallets are not secure
— Miles Deutscher (@milesdeutscher) August 4, 2022