Guide: Cybersecurity for GameFi Projects

Published: 6 May 2022 Updated: 28 Mar 2023

Introduction: What is GameFi?

In today’s connected world, gaming is one of the most popular pastimes. Until recently, gamers simply bought their favorite titles from the nearest store, or downloaded them from app stores and other distribution platforms like Steam, and started playing.

Most of these traditional game titles, whether offered free or at a cost, also include plenty of in-game elements that one can purchase to enhance the gaming experience. However, the digital items purchased within the game are exclusive to that particular title and have no use or value outside the game environment.

The introduction of blockchain technology to the gaming industry, combined with applications of NFTs and the concepts of Decentralized Finance (DeFi), has changed the way games are played. 

GameFi, a combination of Game and Finance, has emerged as a result: the integration of blockchain technology has enabled extensive use of crypto-assets as in-game elements.

As NFTs and tokens, these crypto-assets carry real-world value and can be earned during gameplay or purchased from a marketplace. And, just like any other cryptocurrency, they can be traded or exchanged for crypto and even fiat.

GameFi Ecosystem Growth

GameFi has grown to signify an entire financial ecosystem with economic incentives built around gaming. These “GameFi’ed” games are commonly referred to as Play-to-Earn Games, as the players get an opportunity to derive monetary benefits by playing them. 

A few such GameFi titles are the popular Axie Infinity, Decentraland, Alien Worlds, and Sandbox. These games make extensive use of NFTs and utility tokens. As a result, users can conduct crypto transactions for in-game interactions and earn rewards in crypto assets, including NFTs.

Even though relatively new, the global GameFi industry is growing at a record pace. According to a recent report by Naavik and BITKRAFT Ventures, the market valuation stood at over US$1.5 billion by the end of 2021, with a forecasted CAGR of over 100% to hit US$50 billion by the end of 2025.

The GameFi ecosystem registered over 1.06 million daily active gamers on Play-to-Earn games in Feb 2022. Furthermore, the number of GameFi users is forecasted to grow at a rate of at least 1 million per month over a one-year duration to reach 12 million by Q1 2023.

However, with other mainstream game studios charting out plans to adopt the GameFi approach to their existing and future titles, these numbers could only grow, with a significant number of traditional gamers transitioning to GameFi-enabled games soon. 

Further bolstering these numbers is the increasing interest in Web3.0 and metaverse concepts with Virtual and Augmented Reality capabilities in an increasingly gamified environment.

How does GameFi Work?

The blend of gameplay and a virtual economy that translates to value in the real world makes GameFi unique and signifies a deviation from traditional gaming. 

By incorporating blockchain technology and virtual currencies into the gameplay and in-game economies, GameFi signifies true ownership of in-game assets and rewards with monetary significance.

Play to Earn

While conventional digital games adopt a Pay-to-play model, blockchain games operate on a Play-to-Earn structure to incentivize users.

The incentives are offered as rewards to players for completing in-game tasks, competing in challenges, and progressing through game levels and are usually paid in the project’s native tokens. 

These tokens can be used within the game or exchanged for other crypto or fiat currencies outside the game environment. Most Play-to-Earn GameFi projects allocate a portion of their token supply exclusively for rewards pay-outs.

Absolute Asset Ownership

NFTs play a significant role in the GameFi space, representing readily verifiable ownership of in-game assets. These NFT-based assets, offered as rewards or sold on the marketplace, allow users to own certain elements in the game or experience enhanced gameplay through upgraded avatars, powerups, access to exclusive game offerings, and even ownership of portions of the game environment, such as virtual land.

As owners, players can monetize these NFT-based assets through various mechanisms, including staking for rewards, trading them for other fiat or cryptocurrencies, renting them out to other players, etc. 

The emerging popularity of the metaverse has further broadened the potential of NFTs in the GameFi universe.

Below are a few widely used in-game assets:

Virtual land – a portion of the game environment represented in the form of NFTs. Like a plot in the real world, owners can build on top of the virtual land and monetize it by charging other players for access or selling it at a higher price to those interested.

Avatars – Avatars are the player’s persona inside the game. Players can customize the avatar to impart certain traits or appearances. The in-game elements include clothes, accessories, and more.

Characters – Playable characters can be minted or purchased as NFTs, and in a few games, the mechanics allow these characters to breed. These playable characters can be sold or rented to other players.

The DeFi in GameFi

Many GameFi projects also implement various DeFi elements apart from straightforward transactions using their native utility tokens. 

They include yield farming, liquidity mining, and staking features to ensure adequate liquidity flow and enhanced token utility in the broader crypto ecosystem. In addition, these serve as passive income-earning opportunities for both players and crypto community members in general.

The Traps of the GameFi Industry

While everything seems rosy at first glance, digging deeper reveals a different picture. The shortcomings of the GameFi industry in its current state become evident the first time one embarks to play.

Expensive Buy-in

Blockchain games don’t come cheap. So while anyone can access the game, they should have the necessary game assets and protocol tokens in their wallets to play. 

Unfortunately, in many cases, the game assets like characters turn out to be very expensive, especially to those who miss out on the presale and airdrops during the early days of the project. 

Additionally, transaction fees could rocket, depending on the blockchain protocol on which the game is built. 

No Entertainment Value

If that’s not enough, GameFi is still a growing ecosystem with teething problems. Anyone looking at these games purely for entertainment is bound to be disappointed.

Most games don’t have any serious gameplay, and some are nothing more than expensive card games. Further, the involvement of serious gaming studios with multiple AAA-rated games under their belt in the GameFi sector is almost non-existent. 

Without the necessary expertise, the blockchain ecosystem’s limited functionalities could throw a spanner into one’s plans to earn while they have fun.

GameFi Hacks Are Increasing

Creators are rushing to ride the NFT and GameFi wave. As a result, there is a shortage of solid blockchain gaming projects. Many are churning out half-baked platforms, which are vulnerable to hacks and other malicious attacks. 

Meanwhile, the rush of investors and gamers wanting to get in early, irrespective of the cost, has driven the market capitalization and TVL (total value locked) of GameFi projects upwards.

In the event of any of these projects getting compromised, the community and the creators stand to lose a lot.

Attacks and Impacts in GameFi

Hacking attacks are not new to the crypto space. While blockchain offers a secure, resilient infrastructure, the creations on top of the technology layer aren’t safe unless extra precautions are taken. 

The latest hacking incident, which targeted Axie Infinity, also happens to be one of the biggest hacks in the GameFi ecosystem in terms of funds stolen.

The hackers walked away with close to $600 million worth of ETH. According to security experts, the perpetrators exploited a backdoor in a Remote Procedure Call node to access a signature, which allowed them to make unauthorized withdrawals totaling 173,600 ETH using compromised private keys.

Now, the Axie Infinity project is built on its own Ronin Network blockchain protocol that enables players to interact with the project by bridging ETH and other cryptocurrencies using a cross-chain bridge. 

While parent firm Sky Mavis created the Ronin Network to overcome the high transaction costs of the Ethereum protocol, a lack of oversight and attention to cybersecurity measures inevitably created the circumstances that ultimately benefited the hackers.

Meanwhile, the incident left the affected users and the broader crypto community shocked and uncertain about their funds. Axie Infinity and Sky Mavis also took a hit to their reputation, not to mention the financial impact which forced them to raise another round of investments to compensate their community for the losses incurred.

Axie Infinity is not an isolated incident. In recent months, multiple GameFi projects and incubators have found their platforms and funds compromised.

Cybersecurity: Why do you need it for GameFi?

GameFi, just like crypto exchanges, trading platforms, and DeFi projects, deals with the community’s funds. Unfortunately, the increasing popularity of blockchain games and the rising value of their native crypto tokens make them attractive targets for criminals looking to score a fortune. 

As a result, these platforms are always at risk of being attacked, and the only thing that stops them from falling is a robust cybersecurity infrastructure and good operational practices.

GameFi and DeFi projects constantly face cybersecurity threats in three major forms.

Code Exploitation

Thousands, if not millions, of lines of code go into building a GameFi project. Even a small deviation from the best coding practices and processes can create a potential security loophole that hackers can exploit to compromise the entire system.

Stolen Keys

Private key security is a critical aspect for any individual, especially for crypto-based businesses and GameFi projects. In the absence of a secure key management infrastructure, code vulnerabilities could cause the private keys to fall into the hands of hackers. 

Armed with private keys, hackers can sign transactions with the compromised keys and easily transfer all the crypto assets stored in the wallet to any other wallet.

Hacked Devices or Networks

The best and easiest way to gain access to the private keys or project code is through the machines that store them. In addition, employees in charge of various aspects of the projects usually have access to critical infrastructure and sensitive information stored on their devices. 

By gaining access to such devices through hacking, phishing, or other means, cybercriminals may gain access to the wallets and smart contracts responsible for handling funds.

A glance at the recent Axie Infinity hacking incident points to three vulnerabilities that possibly contributed to the theft of assets. First, hackers exploited the code in RPC and gained access to the private keys. 

As per the official record of the incident, they used social engineering to gain access to the validator nodes, implying that the employees’ or prominent community members’ devices may have been compromised in the process.

How to Protect your GameFi project?

The only way to protect a GameFi project from cyber threats is by taking an overly cautious approach at each step.

It starts with ensuring error-free and fool-proof smart contract programs. The next step is adopting a tried and tested blockchain protocol with a strong consensus mechanism and other security features, such as multi-signature transactions.

Finally, developers can augment these measures by implementing conventional security controls like DDoS protection, intrusion prevention, and two-factor authentication solutions.

Apart from the cybersecurity infrastructure, operational procedures also play a role in mitigating risks. Therefore, irrespective of their size, GameFi projects should rely on best operational practices and enforce strict business controls wherever possible. 

While these steps help protect the GameFi infrastructure from external threats, projects should also take a more proactive approach to ensure the reliability of their products and the safety of funds. 

Subjecting the code to rigorous blockchain and smart contract audits to identify potential points of failure early on and fix them even before hitting the market is mandatory.

The supported wallets and dApps should also undergo vulnerability scanning to spot any shortcomings that could cause potential troubles in the future. 

And finally, by subjecting the project to penetration testing, security professionals can identify points of failure. They can simulate vulnerabilities in a controlled environment and advise appropriate preventive measures to fix any issues found during the process.


While there is no disagreement that GameFi may be the future of gaming, especially with rising interest among big and small game developers alike, projects in this ecosystem must be conscious of their offerings and impact. 

Currently, the sector has lots of room for improvement, and as long as projects continue to keep the community’s interests in mind, the growth trajectory will continue to look positive. The recent incidents in the sector have already shown the importance of cybersecurity and the consequences of neglecting it.
