Today the game was hacked. At 4:52 AM UTC, the hacker took ~10m LFC and sold them for ~50k BUSD which caused the exchange price to drop. We acknowledged this situation two hours later. The dev team analyzed the logs, found the source of the problem and blocked it immediately.
We’ve learned that this hacker was trying to get his hands on LFC for three weeks by looking for various breaches in the game defense. First, he tried to attack the bridge but had no success at all. The dev team worked very well on its protection by testing it a lot and consulted with invited security experts. The bridge and smart contracts are all good, and keys are not compromised, so where was the breach?
The breach was the account-to-account token transfer function which was in development, not fully tested yet and was deployed to the production version of the server by mistake. Hacker was lucky enough to find it and use one of its bugs. Of course, the dev team analyzed all factors that led to this hack and set some procedures to exclude such things happen in the future.
Since the bridge and smart contracts are fine, the LFC token is good too.
We sincerely apologize to our community for this situation and promise to do all it takes to never make this happen again. It was painful, but it was not lethal. Our determination to finish the project is as strong as ever. We hope for your understanding and support.