Important Notice to Definians!


As of this article being published, we have paused the feature of minting heroes from all V2 Mystery Boxes and disabled buying and selling Mystery Boxes from the secondary marketplace. We have also paused the feature of redeeming the Mystery Ticket to Mystery Box feature. Meanwhile, please do not do any over-the-counter trade at the moment until further notice.

We’ve got a report from the community member and did an investigation after his report.

Timeline Transparency Report:

Tuesday, Dec 28th

  1. We got a report from a community member that he has found suspicious activities from different wallet addresses.
  2. We collected the suspicious addresses and did an investigation to find out the pattern of the behavior.

What we found out:
The hacker bought BNB from FTX exchange and swapped the BNB to FINA through Pancakeswap to purchase Mystery Boxes from our secondary marketplace. The hacker then exploited the Mystery Box V2 Smart Contract to mint SSS heroes and SS heroes from the Mystery Boxes, disregarding the actual drop rates. The hacker then tried to hide the smart contract exploitation by putting the hero for sale on the secondary marketplace or staked them into the game.

We paused the purchasing of Mystery Boxes to prevent him from further purchasing more Mystery Boxes. And the developers had a meeting to look into the smart contract and solutions for a new smart contract.

We had a theory about how the hacker exploited the contract but we are not able to repeat the action to prove the theory. Thus, we are offering a Bounty Program to the first person who could repeat his exploits on the testnet.

Testnet Contract for V1 Mystery Boxes

Testnet Contract for V2 Mystery Box

Wednesday, Dec 29th

  1. We did further investigation and traced all his transaction history of all related accounts.
  2. We marked his wallet addresses and NFTs that the hacker holds through the tag feature using BSC Scan.
  3. At the same time, we worked on the new smart contract.

Thursday, Dec 30th

  1. We informed our marketplace partner (TheForce.Trade and OKEx) to take down all the heroes the hacker has put on sale to prevent the hacker from making more profits after tracing down his holdings.
  2. We found out his telegram ID and reached out to him for a peaceful solution plan. We are willing to pay him the money he has spent to purchase the Mystery Boxes from the secondary marketplace to have those NFTs back to us.

Plans on the Exploited NFTs

The team’s current plan is to get the NFTs back and then use it to reward the first reporter and the person who successfully uncovered the smart contract exploit in the Bounty program. We will giveaway the remaining NFTs via community events to give the NFTs back to the players and community members. The current plan we have is to do a lottery draw weekly. The Defina players could get a lottery ticket (priced at 2.5 FINA), and those who are new to Defina will need to pay 5 FINA for a lottery ticket. We will do a weekly draw to giveaway the SSS to a winner. 50% of the FINA we received from the sale will be put into the PVP arena reward pool. The remaining 50% will be sent to the black hole to deflate FINA.

Below is the list of the hacker’s addresses and NFT IDs that he still holds:

If you’ve traced any more suspicious addresses, please report to us! We will reward 20 FINA for each suspicious address.

If your NFT is mistakenly listed on the spreadsheet, please contact us through support ticket on Discord or send us an email to

We will do a verification process and once it’s verified, we will remove the blacklist.

Note: Please do not buy those NFTs over the counter as we will blacklist those NFTs from our game server (those will not be able to be used in our game).

Another Note to the Hacker:

We are giving you 12 more hours to reach out to us so we could purchase those NFTs back from you. This is our final offering and prefer to encourage you to peacefully work it out with us.

If we did not get anything back from you before the deadline, we will blacklist all the NFTs you currently own and put a tag on them to prevent players from being purchased. The blacklisted NFTs will also not be recognized by the game server.

Note: At the moment, player will not be able to search and find those NFTs on our secondary market. However, the hacker may offer you an over the counter sale through other platform, so please do not do any OTC trade.

What’s Next:

The new Mystery Box Smart Contract is completed [V4].

Our new smart contract on Testnet:

We will do the following:

  1. Audit the new smart contract. We will pause the current Mystery Box smart contracts and take a snapshot of the current owners.
  2. If we couldn’t get the NFTs back, we will then add the same amount of Heroes back to the Mystery Box hero pool so the community members could still pull those heroes out. [Since we blacklist the effected NFTs, and the server will not be able to recognized them, it act as a “burn”]
  3. The players who hold old Mystery Box(es) (from V1 to V3) at the time of the snapshot will be able to swap their existing boxes to V4 Mystery Boxes on a one-to-one basis after we deploy the new contract.
  4. The trading feature and minting feature will go back to normal after we deploy the new smart contract.

We will inform you once all the above are completed through an another social announcement.

New Smart Contract Highlight:

  1. We used Chainlink VRF to increase the security of our smart contract
  2. We will offer our community a bounty program to triple-check our smart contract to ensure max security.


Defina does not tolerate behavior that cheats the system and we will take action against it. Once again, fairness and security is one of our top priorities and we will maintain this in the future. Thank you for supporting Defina.

Defina Team

About Defina Finance

Defina Finance is a fascinating blockchain game that combines the concept of Defi and NFT. Players can buy or collect various NFT Mystery Boxes to get heroes & weapons as well as fight and enhance their champions to learn skills in numerous game scenarios. Players can participate in Defi yield farming and earn abundant on-chain earnings while enjoying a fun and strategic game with PVP and PVE modes. Defina’s vision is to bring blockchain to millions of players, allowing them to explore a new form of gaming through blockchain technology. Come create-to-earn with us as we build the Defina metaverse together!

Define your destiny, conquer your enemy & earn FINA daily!

Website | Twitter | Telegram| Discord | More




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cyber Power Systems strengthens the cybersecurity confidence of its PowerPanel Cloud Service…

Funny Game World — Simple, Fun and Profitable

Planet IX: Connecting your MetaMask Wallet to Planet IX

{UPDATE} Subway Temple Surfers 3d Run Hack Free Resources Generator

Vulnerability Management In Your GitFlow

{UPDATE} Hilltop Hotrods Hack Free Resources Generator

What is a Computer Virus and types of Virus?

V-ID (VIDT) is now available on Kyber Network

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

Get Mystic Chests for a Mystery Box!

StarMon P2E is Backing!

A Letter to the CyberDragon Community