Atari’s New Blockchain-Based Asteroids Game Rankings Hacked with Ease

Developers at Stackr Labs, a company specialized in developing web3 applications in the blockchain industry, have identified a serious vulnerability in the newly launched Atari title, which was supposed to be built as a blockchain game.

Everyone remembers the famous Asteroids game. It’s been redone numerous times over the years, but the original remained in the public consciousness. Recently, Atari, the original developer of the classic game, announced a new release of Asteroids, this time built on a blockchain. This is not a new concept, but Asteroids is famous enough to attract attention.

According to a report from HackRead, Stackr Labs revealed that the game is not actually built as advertised, and anyone can mess with the rankings despite being touted as safe. One of the features of blockchain is security, which is precisely why people started to look closely at Asteroids.

“We hacked @base and @atari ’s arcade and sabotaged the leaderboard without playing a single game - And this is why people have trust issues with crypto apps. ‘On-chain’ is becoming a throwaway term for a majority of consumer tech. As a community, we should be doing better than this,” said Stackr Labs CEO Kautuk Kundan on Twitter.

“An on-chain app is not just about minting an NFT and calling it a day, it should actually mean something,” he added. “At the very least, i should not be able to manipulate the scores just by sending API calls to web2 servers. Even if the app runs off-chain, it should produce commitments that are on-chain verifiable.”

In short, they figured out that it’s easy to manipulate the rankings without even playing the game just by intercepting an exposed API call. This meant that the leaderboard was meaningless -- anyone could hack it.

Kundan also uploaded a proof-of-concept video showing exactly how it can be done. To put a cherry on top, the team also developed a new game called Comets that works as Atari advertised.