Blockchain behind 'Axie Infinity' suffered a hack of historic proportions
The purported amount of money stolen during a security breach on Ronin Network.
In an official announcement today, Ronin Network, a blockchain supporting the crypto game Axie Infinity, said it suffered a major security breach in which hackers made off with close to $625 million worth of Ethereum (ETH) and USD Coin (USDC). The digital heist is apparently the largest theft of all time within the decentralized finance (DeFi) space.
According to the announcement, Sky Mavis, a game studio focused on the development of crypto-based video games, and owner of both Ronin and Axie Infinity, identified the hack after a user attempted to withdraw 5,000 ETH from the Ronin bridge to no avail. It was then discovered that the attack had taken place last week. The specifics:
Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.
After the hack was discovered, the Ronin bridge, which facilitates transactions across the company’s blockchain, was frozen to “ensure no further attack vectors remain open.” Additionally, Ronin has stated that it will be working with “law enforcement officials, forensic cryptographers, and our investors [Axie Infinity players] to make sure all funds are recovered or reimbursed.”
A new age of finance? — One of the calling cards of DeFi networks is that they can democratize finance by allowing for complete transparency and total ownership over a given sum of money in the form of various cryptocurrencies. However, these alternative financial systems are still penetrable by bad actors, and the Ronin Network breach is the latest in a string of high-profile attacks that includes a $611 M hack on Poly Network last August and a $322 M hack on Wormhole’s token bridge in February.
To recognize any transaction over the Ronin chain, the system requires signatures from five out of the nine validator nodes. The hacker was able “to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO,” and effectively override the transaction security in place, before ultimately withdrawing an enormous amount of money without setting off any alarms. As of this writing, the stolen funds are still visible on Etherscan.
Moving forward, the Ronin Network will require signatures from eight of the nine validator nodes to authorize any future transactions.
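As an added illustration (not code from Ronin, Sky Mavis or the original article), the following Python sketch audits a validator quorum by counting independent operators rather than keys, under both the five-of-nine and eight-of-nine thresholds described above. The four Sky Mavis validators and the Axie DAO validator come from the announcement; the operators of the remaining four validators are an assumption, modelled as separate hypothetical parties.

```python
from collections import Counter

# Validator -> operator map. Nine validators, four run by Sky Mavis and one by
# Axie DAO, as stated in the announcement. The other four operators are an
# ASSUMPTION: each is modelled as a separate, hypothetical party.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}

def min_operators_for(keys_needed, validators):
    """Return the fewest operators that together hold at least keys_needed keys.

    Greedy selection is exact here: every key carries equal weight, so taking
    the largest holders first minimises the number of parties involved.
    """
    holdings = sorted(Counter(validators.values()).items(),
                      key=lambda kv: (-kv[1], kv[0]))
    chosen, held = [], 0
    for operator, count in holdings:
        if held >= keys_needed:
            break
        chosen.append(operator)
        held += count
    if held < keys_needed:
        raise ValueError("not enough validator keys to reach keys_needed")
    return chosen

def quorum_report(threshold, validators):
    """Summarise how many independent parties a k-of-n quorum really depends on."""
    total = len(validators)
    if not 1 <= threshold <= total:
        raise ValueError("threshold must be between 1 and the validator count")
    return {
        "threshold": f"{threshold}-of-{total}",
        # Parties whose keys suffice to approve a withdrawal.
        "operators_to_sign": min_operators_for(threshold, validators),
        # Parties whose absence leaves fewer than `threshold` signers (liveness).
        "operators_to_block": min_operators_for(total - threshold + 1, validators),
    }

if __name__ == "__main__":
    for k in (5, 8):
        print(quorum_report(k, VALIDATORS))
```

Under these assumptions the five-of-nine quorum rests on only two parties, while eight-of-nine requires five parties to sign but lets a single operator holding four keys halt withdrawals on its own.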
“There are two ways of looking at it,” Guy Gotslak, President of CryptoIRA exchange My Digital Money, said in a statement shared with Input. “First, this whole incident demonstrates part of the purpose of a sidechain. This hack proves just how important sidechains are.”
“As bad as it is for those who got hacked, it also demonstrates how sidechains protect the parent blockchain, and individuals using it get alienated from how others are using it,” Gotslak said. “There is no need to completely open the whole blockchain for a specific purpose.
“Then there's the other part: It demonstrates just how much Ronin failed [to] create an ironclad code. They are one of the biggest, if not the biggest, play-to-earn game on the blockchain. You would think that, as a company, the protection of your gamers and users would be top priority.”
Axie Infinity is a crypto-based game that allows users to purchase and then develop creatures known as Axies. Aside from using them to battle other Axies, users can make money by selling their creatures in the form of an Axie NFT.
“I will be interested to see what they do next,” Gotslak said. “Will a fork happen? Will they reverse time and return all the hacked tokens? The majority of Axie Infinity, as far as I know, is in Asia. This was, in fact, the main source of income of many unemployed people during the pandemic. I personally think they were the reason Axie grew to its size. Personally, I believe they deserve to get their coins back and fast.”