A cybersecurity auditing company claims that GameFi programs put “money above security” and are therefore very hazardous for the projects and their members.
Hacken, a blockchain cybersecurity auditor, says that “unsatisfactory” cybersecurity methods in play-to-earn (P2E) crypto games represent a significant danger to GameFi projects and their players.
According to statistics given on Monday, GameFi projects, which P2E games would fall under, frequently “place money before security” by delivering goods without taking the necessary protective measures against hackers:
“GameFi projects […] do not adhere to even the most basic cybersecurity best practices, providing bad activity with many attack entrance points.”
P2E games frequently include nonfungible tokens (NFTs) and cryptocurrency in their ecosystems. The biggest initiatives, such as Axie Infinity (AXS) and StepN (GMT), employ a wide range of tools meant to improve the game experience, like token bridges, blockchain networks, or tangible goods.
Based on information gathered by the crypto security ranking service CER. Live, Hacken researchers discovered that GameFi’s cybersecurity, in particular, had severe flaws. Of the 31 GameFi tokens examined, none obtained the highest security rating, AAA, while 16 received the lowest D score.
The weighing of several cybersecurity factors, including token audits, insurance, bug bounty programs, and team transparency, was used to assign rankings to each project.
The reason why GameFi projects often received low grades, according to Hacken’s research, is because no P2E projects had insurance, which would have allowed projects to recover their money in the event of a hack rapidly.
The absence of insurance is partially verified by Dan Thomson, chief marketing officer of crypto insurance company InsurAce, who said on Thursday that the company did not cover any P2E ventures.
The research also discovered that only two projects run bug bounty programs. In order to encourage white hat hackers to uncover problems in a project’s code, Axie Infinity and Aavegotchi both have bug bounties.
Finally, it was discovered that while 14 projects had their token audits done, only five had their platform audits, which might have revealed significant security flaws throughout the project’s ecosystem. Aavegotchi, The Sandbox, Radio Caca, Alien Worlds, and DeFi Kingdoms are a few of these.
The co-founder of Illuvium, Kieran Warwick, detailed the substantial efforts his organization takes to secure users, whereas Hacken’s study presents a bleak image of GameFi cybersecurity.
On August 5, Warwick stated that he is aware that “GameFi initiatives like ours are among the top targets for hackers these days.”
He claimed that as a result, his project had improved its security to stave off attacks by bringing on a specialized security team, starting a $150,000 bug bounty program, and having new products audited.
Warwick noted that in order to add a layer of education to its security procedures, his project’s Discord server offers security guidelines and suggestions to new members who join. He stated:
“Our users’ safety and trust are our top priorities.”
In addition to the primary in-game items, the Hacken study identified token bridges as a P2E game vulnerability. When over $600 million in tokens were lost on Axie Infinity’s Ronin token bridge in March, it was the scene of one of the worst hacks in the history of the cryptocurrency industry.
According to Hacken, there will probably be more security flaws and money taken from projects as P2E games gain popularity. Before investing a significant amount of money in a project, the company has suggested that players conduct their security check on it:
“And, of course, keep in mind that investing in P2Es remains a potentially profitable but quite risky affair.”