Cybersecurity auditing firm Hacken has warned that GameFi projects are exposing their users and themselves to great risk by putting “profit above security,” amid what it regards as major hacks in play-to-earn games.
According to the blockchain cybersecurity company, developers of play-to-earn (P2E) crypto games adopt “unsatisfactory” security measures that expose GameFi projects and players to numerous security risks.
In a report shared with Cointelegraph on Monday, Hacken explained that GameFi projects, the umbrella category for P2E games, release products that show they prioritize profit over security by ignoring appropriate precautions against cyber attacks.
The company noted that “GameFi projects […] do not follow even the most essential cybersecurity recommendations, leaving malicious actors numerous entry points for attacks.”
Besides crypto, P2E games include non-fungible tokens (NFTs). StepN (GMT) and Axie Infinity (AXS) are some of the largest P2E game projects that incorporate blockchain networks, token bridges, physical merchandise, and an array of products to offer players the best gaming experience.
Research conducted by the cybersecurity company found that data collected by CER.live, a crypto security ranking service, exposed multiple deficiencies in crypto games, especially in GameFi cybersecurity.
The researchers discovered that none of the 31 GameFi tokens reviewed qualified for AAA, the top security ranking, while more than half (16) got a worrisome D score, the worst ranking.
The ranking factored in several cybersecurity aspects, such as whether a project has a bug bounty, token audits, and insurance, and whether the team is anonymous. Only recently, more than 300 NFTs were stolen and $400k in Ethereum was taken in the Premint hack.
During the research, the Hacken team discovered that none of the reviewed P2E projects was insured. The zero insurance coverage is responsible for the low score because such projects can’t recover their funds in the event of a hack.
InsurAce, a crypto insurance firm, confirmed the research's result. According to Dan Thomson, the insurance firm's chief marketing officer, the firm wasn't covering P2E projects.
Findings also revealed that Aavegotchi and Axie Infinity have bug bounties, which are designed to award white hat hackers monetary compensation whenever they find bugs in the game's code.
The research also revealed that only 5 out of the 14 projects that have been granted a token audit have completed a platform audit that is designed to find potential security holes in their ecosystem. These are Radio Caca, Aavegotchi, DeFi Kingdoms, Alien Worlds, and The Sandbox.
Another vulnerability common to P2E games identified by the report is token bridges. In March, Axie Infinity lost some $600 million worth of tokens when its Ronin token bridge was hacked in one of the largest hacks in the crypto industry.
In conclusion, the firm charged gamers with the responsibility of performing their own security check of any P2E project before committing their hard-earned money to it. It advised: “And, of course, keep in mind that investing in P2Es remains a potentially profitable but quite risky affair.”
In a related development, Miles Deutscher, a crypto analyst, expressed his concerns over the worrisome security situation of the crypto space. He tweeted: “We went from:
> Meme coins not being safe
> DeFi ponzis not being safe
> Stablecoins not being safe
> Top 10 L1s not being safe
> Bridges not being safe
> CEXs not being safe
> Wallets not being safe