GameFi developers may be subject to significant fines and harsh punishment
A significant hack of play-to-earn cryptocurrency games is imminent
India leads the world in NFT gaming, whereas Western countries have fewer P2E players
Hacken, a blockchain cybersecurity auditor, warns that "unsatisfactory" security measures in play-to-earn (P2E) crypto games pose a big risk to both GameFi projects and their players.
Hacken said in a report sent to Cointelegraph on Monday that data shows that GameFi projects, which would include P2E games, often "put profits over security" by putting out products without taking the right steps to protect against hackers.
"GameFi projects [...] don't follow even the most basic security recommendations. This gives bad people a lot of ways to attack."
P2E games often have crypto as well as nonfungible tokens (NFTs) in their ecosystems. The biggest projects, like Axie Infinity (AXS) and StepN (GMT), use a wide range of products to improve the gaming experience, such as token bridges, blockchain networks, and physical goods.
Based on data collected by the crypto security ranking service CER.live, researchers at Hacken found that GameFi's security had a lot of problems. It found that none of the 31 GameFi tokens that were looked at got the best security score of AAA, while 16 got the worst score of D.
The rankings for each project were based on how much weight was given to things like token audits, whether or not they have a bug bounty and insurance, and whether or not the team is public.
Hacken's report said that GameFi projects usually got low scores because none of the P2E projects had insurance, which could help projects get their money back right away if they were hacked.
Dan Thomson, the chief marketing officer of the crypto insurance company InsurAce, told Cointelegraph on Thursday that it did not cover any P2E projects, which is part of the proof that there is no insurance.
The report also found that only two projects have bug bounty programs that are currently running. Axie Infinity and Aavegotchi both have bug bounties that give money to hackers who find bugs in the project's code.
Lastly, it found that 14 projects have had a token audit, but only five have had a platform audit. A platform audit could find security holes in the whole ecosystem of a project. Aavegotchi, The Sandbox, Radio Caca, Alien Worlds, and DeFi Kingdoms are some of these.
The report also said that P2E games could be hacked through token bridges. In March, more than $600 million worth of tokens were stolen from Axie Infinity's Ronin token bridge. This was one of the biggest hacks in the history of the cryptocurrency industry.
Hacken said that as the number of people who play P2E games grows, so will the number of security holes and the amount of money stolen from projects. Before putting a lot of money into a project, the company has told gamers to do their own security check:
"Also, keep in mind that investing in P2Es is still a risky business that could be profitable."
On Wednesday, crypto analyst Miles Deutscher asked rhetorically where the next crypto security worry might come from. Deutscher may have his answer.
We went from:— Miles Deutscher (@milesdeutscher) August 4, 2022
> Meme coins not being safe
> DeFi ponzis not being safe
> Stablecoins not being safe
> Top 10 L1s not being safe
> Bridges not being safe
> CEXs not being safe
> Wallets not being safe