Hello Definians,
Thank you for your reports regarding suspicious activities that were happening. Through your ever helpful reports, the team is alerted and immediately took action to correct the cause of the malicious activities.
You will not be able to withdraw tokens for 5 days as a safety measure as we investigate further.
Transparency between the Defina team and the community is our number one priority. Below is a report of the incident that occurred on April 27th, 2022.
Suspicious FINA Withdrawal
Bug Exploited: Response time between Server and Website.
The hacker exploited the response time between the withdrawal message on the website to the server. The [Withdraw] and [Cancel] buttons were frequently used to abuse a website loophole.
# of $FINA affected: 309,000 FINA
Intercepted: 168,000 FINA
Solution:
The relevant modules have been modified and a further verification process is in place. We will suspend the withdrawal of tokens for 5 days as of this medium article post. We are still doing in-depth investigations to ensure it will not happen again in the future. We will add extra security measures and automatic detection programs for suspicious activities to prevent similar problems in the future.
Additionally, from the investigations, the team speculated that there might be a flaw in the data communication between the game server and the website. We delved further to check if the game server can be hacked and modified. We have changed parts of the game server code and testing the game server took some time. We have not found any error on the server-side so we have concluded that the problem originated from the website but not the game server. We were able to locate the bug and replicate the hacker’s operation so we added more security features to prevent future hacks. We have also studied all withdrawal transactions and can confirm that this is the first time that it has happened. There has been no suspicious or similar withdrawal activity before this incident.
At present, the game server has returned to normal. Our smart contracts remain safe and secure. There will be a compensation plan for this event. For players that have submitted withdrawal transactions, the requests are currently paused and not cancelled. The withdrawal remaining time will continue when the withdrawal system is back live.
Banned Mystery Boxes
Unlike those who have been found using scripts and other malicious software, the hacker’s minted Mystery Boxes and its opened Hero NFT cards will be banned forever. The Mystery Box and Hero Pool will be replenished, the hero NFT’s are still only limited to 96k.
If you bought banned boxes, please open a support ticket on Defina’s Discord and provide transaction hashes and NFT ID’s so the Defina team can verify and assist you.
Defina does not tolerate malicious behaviour and will be taking action against them once discovered. We appreciate each and every player and will continue to provide a friendly and secure environment for our Definians.
Thank you for supporting Defina!❤️
About Defina
Defina is an innovative blockchain gacha game that embraces NFT technology that allows true ownership of acquired game assets in the game. Players can open Mystery Boxes, collect their favourite Hero NFTs and trade them in the marketplace. Level up your Heroes, Build amazing teams, Combat in PVP Arena and Battle Vrykos to save humanity from the brink of destruction! Defina’s vision is to bring blockchain to millions of players, allowing them to explore a new form of gaming through blockchain technology. Come join us as we build the Defina Metaverse together!
Define your destiny, conquer your enemy & build with us daily!
