Cyber Incident Victim: WonderHero
Date:
Apr 2022
Location:
Philippines
Summary
A cryptocurrency play-to-earn game suffered a security breach when hackers exploited a vulnerability in its cross-chain bridge withdrawal system, stealing approximately $320,000 worth of Binance Coin (BNB) by minting 80 million of the platform’s native tokens (WND). The attack caused WND’s value to plummet over 90%, prompting the company to temporarily disable its game, website, and related services. The stolen funds were routed through a cryptocurrency mixer. In response, the organization committed to compensating users via an airdrop based on pre-attack asset snapshots, auditing its systems, creating a new token contract, and establishing a bug bounty program. Liquidity providers were also promised restitution, though service restoration timelines remained pending.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 7, 2022, WonderHero, a play-to-earn cryptocurrency game with approximately 11,000 active users, suffered a security breach resulting in the theft of $320,000 worth of Binance Coin (BNB). Blockchain analysis firm PeckShield alerted WonderHero that morning about an ongoing exploit targeting the platform's cross-chain bridging withdrawal system—a mechanism enabling token transfers between blockchains. The attackers minted 80 million WND tokens, WonderHero’s native cryptocurrency, and converted them into 750 BNB before laundering the funds through PancakeSwap, a cryptocurrency mixer. This caused the value of WND to collapse by over 90%. WonderHero responded by immediately disabling its game, website, marketplace, and related services to contain the breach. The company notified users of the incident and the drastic price decline, though initial communications did not yet confirm the full scope of the attack.
By the afternoon of the same day, WonderHero published a detailed blog post confirming the theft and technical cause. The breach specifically exploited vulnerabilities in their cross-chain bridge infrastructure, a type of system frequently targeted in recent cryptocurrency hacks. WonderHero announced plans to remediate the bridge flaw, conduct a full system audit, and deploy a new smart contract for the WND token. They committed to restoring user assets based on a pre-attack snapshot of holdings on the BNB Chain, promising to airdrop replacement WND tokens and compensate liquidity providers. All user assets on the Polygon blockchain—including HON tokens, WND, and NFTs—were declared secure, though all platform services remained temporarily offline during repairs. The company warned users against trading WND until the new contract was implemented and disclosed intentions to establish a bug bounty program for future vulnerability detection. Meanwhile, users expressed skepticism on social media, questioning whether WonderHero would address losses stemming from post-crash trades executed during the price volatility. No timeline for service restoration was provided at the time of the announcement.