Liskgame.com Hack [upd] «2024»

The Liskgame.com hack is a cautionary tale: code shortcuts and insufficient server-side safeguards expose users and projects to real-world harm. Meaningful remediation requires technical fixes, policy updates, and cultural shifts toward responsible disclosure and continuous security investment. Only by treating security as integral—not optional—can small platforms withstand the incentives that turn curiosity into malice.

| Feature | Tech Stack | Security‑Relevant Details |
|---------|------------|---------------------------|
| | Node 18 (Express), PostgreSQL (RDS) | Passwords salted + Argon2id; JWT‑based auth |
| Crypto Wallets | Lisk SDK, client‑side signing | Private keys never stored server‑side |
| Leaderboard / Stats | Third‑party microservice (Python Flask) hosted on a separate VPC | Exposes public API keys |
| Asset Storage | AWS S3 (static assets, user‑uploaded avatars) | Public read, private write |
| CI/CD | GitHub Actions → AWS CodeDeploy (Blue‑Green) | Manual approvals on prod deploys |

| Metric | Value |
|--------|-------|
| | ~1.2 M users (email, Argon2id hash, wallet address, last‑login timestamp) |
| Financial Exposure | No on‑chain funds stolen (private keys never stored). However, ~$1.8 M worth of in‑game tokens were minted fraudulently before the breach was contained. |
| Service Downtime | ~3 hours of API outage (partial degradation for 12 hours) |
| Regulatory | GDPR “personal data breach” notification filed (72‑hour deadline met). |
| Reputation | Social‑media sentiment dropped by 32 % in the week following the disclosure. |
