Cyber Incident Victim: VulcanForge
Date:
Dec 2021
Location:
United States of America
Summary
Hackers compromised private keys to access 96 user wallets associated with a blockchain gaming company, stealing approximately $140 million worth of its proprietary cryptocurrency token. The breach led to significant sell pressure, causing the token's value to plummet as attackers liquidated portions of the stolen assets through decentralized exchanges. The company advised users to migrate funds to alternative wallets and remove liquidity from trading pools to hinder further cash-outs, while collaborating with centralized exchanges to track and freeze stolen deposits. It publicly committed to reimbursing affected users, later reporting that most stolen tokens had been refunded and those on centralized platforms were isolated. The root cause remained unconfirmed, with a third-party wallet service denying involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 13, 2021, blockchain gaming company VulcanForge disclosed a security breach resulting in the theft of approximately $140 million (4.5 million PYR tokens) from user wallets. Attackers compromised private keys controlling 96 wallets, granting full access to funds. VulcanForge announced the incident via Twitter and Discord, initially questioning whether partner wallet service Venly might be involved but later stating the root cause remained unknown. Venly's CTO denied any compromise of their systems. The company urged users to immediately transfer remaining funds to Metamask wallets and pledged full reimbursement of stolen assets pending investigation. This marked the third major cryptocurrency theft within eleven days, following $119 million stolen from BadgerDAO on December 2 and $150 million from BitMart on December 6, totaling $404 million across these incidents.
The attackers exploited PYR's decentralized exchange infrastructure, trading stolen tokens against liquidity pools on platforms like Uniswap and Quickswap. VulcanForge instructed users to withdraw liquidity from these pools to obstruct the hacker's ability to cash out. Despite these efforts, the hacker gradually exchanged small token amounts, triggering significant price depreciation through sell pressure. VulcanForge coordinated with centralized exchange partners to track stolen funds, claiming exchanges would seize deposited PYR. By December 14, the company reported refunding most stolen tokens and isolating compromised assets on centralized exchanges. The breach impacted multiple VulcanForge gaming products including VulcanVerse and Berserk, which utilize PYR for NFT transactions. VulcanForge declined to provide details about the attack methodology when contacted by media, focusing instead on recovery efforts while asserting the incident would strengthen the organization.