ID:
melody-1236
100 pts
Platform:
Type:
Category:
Method:
Data Sources:
Binance Smart Chain
Chain Game
Play-to-Earn
Key Management
Extended Method:
Private key compromise
Days in Operation:
6
(0.02 Years)
100 pts each
Melody is a Web3 App combining GameFi and SocialFi. Players can earn tokens through singing, listening and scoring, and playing in karaoke rooms with their NFT passports in the forms of Microphone, Headphone, and Karaoke Room, etc. And the tokens earned via games can be continuously consumed in the game or cashed out for real profit.
The dev team reported an exploit where 2224 BNB was taken and deposited into Mexc.com. The App's token address was compromised allowing the exploiter to withdraw tokens to himself which he later swapped for WBNB.
According to Supremacy, the attack was not a contract-level vulnerability, but rather a vulnerability involving an Off-chain module. In other words, the vulnerability in the project's Off-chain signature generation module allowed the hacker to bypass access controls and use the API Issue to generate legitimate signatures to extract SGS and SNS and sell the stolen funds via Dex for a profit of 2,225 BNB.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.