The hacking affected Vulcan Forged’s servers, no Venly servers and solutions have been compromised. Both companies are working closely together to understand the malicious attack.
[December 13, 2021] - Venly, a blockchain technology provider, announces that today, at around 00:30 am CET, their customer Vulcan Forged, a blockchain game studio and NFT marketplace, was hacked. As of now, PYR has been removed from at least 96 affected wallets to this address.
The hack appeared to be limited to Vulcan Forged’s servers, and the Venly servers and solutions remain safe and secure. The Venly team affirmed that it spent all night actively helping Vulcan Forged analyze the issue and understand what happened. Together, they continue to assess data analytics to advance fast recovery from this unfortunate event and fortify Vulcan Forged’s security strategy further.
During the investigation, the Vulcan Forged team shared the attacker’s wallet address with Venly. The Venly team then tracked all transfers and the originating wallet and discovered that all wallets were created by Vulcan Forged.
The attacker was able to intercept the user's PINs and exported the wallets using the credentials of Vulcan Forged on December 12. Venly also traced the export network calls back and noticed that they were all coming from servers on Vulcan Forged's IP, indicating that – from Venly’s perspective – all calls made were legitimate calls.
“After thorough research, we can confirm that all Venly B2B and B2C Wallet users outside of Vulcan Forged are safe. None of our other clients or end-users are affected,” says Tim Dierckxsens, the CEO and Co-Founder of Venly. “The Venly Team will continue to support Vulcan Forged and all its users to the best of its abilities in all transparency. We also want to emphasize the great efforts of Vulcan Forged to ensure a good outcome for all its users.”
While the hack was in progress, Vulcan Forged CEO Jamie Thomson communicated that Venly services had been compromised on Twitter and Discord. Venly stated that it can assure all its users that this has not been the case, and Vulcan Forged CEO publicly retracted the previous statements made. In addition, the majority of PYR has already been refunded by Vulcan Forged to affected wallets from the Vulcan Forged treasury.
Venly further noted that it takes the security management of wallets with the utmost care, with the team maintaining a security bounty, which has been in place for the past three years. However, the company encouraged all its B2B wallet API clients to review their own security protocols to avoid similar threats.
If it’s not clear what the best practices are for projects, please contact your account manager from the Venly team, and they will be happy to help you update your security.
Venly (previously Arkane Network) is a blockchain technology provider. It offers users of blockchain projects digital wallets to store assets with a native solution that also works on mobile devices. Venly also recently launched the Venly Market as the first-ever peer-to-peer and blockchain agnostic NFT marketplace.
About Vulcan Forged
Vulcan Forged is a game studio behind several blockchain games as well as an NFT dApp ecosystem and marketplace. One of the games, VulcanVerse is a fantasy virtual world made up of unique pieces of land using blockchain technology where users can explore, build, play, buy, sell and interact.