How Axie Infinity suffered one of the biggest crypto heists in history

How Axie Infinity suffered one of the biggest crypto heists in history

Axie Infinity– a blockchain-based video game where players battle each other with NFT monsters – is one of the world’s most popular play-to-earn games. The colorful, fantasy fighting game has become a financial lifeline for millions across Southeast Asia by rewarding its massive user base with in-game currency that can be converted into real-world money.

“I found financial freedom,” Pablo, a Filipino teacher and one of them Axie Infinity‘s many eager players, told Fortune in a recent feature film about the groundbreaking game. But Sky Mavis, the Vietnam-based developer behind the game, has learned that great financial power comes with great responsibility.

When Axie Infinity’s user base skyrocketed last year, and the value of the in-game cryptocurrency – Smooth Love Potion (SLP) – went into hyperinflation, forcing the developers to implement radical monetary policy measures that decimated players’ earning potential.

So at the end of March, Axie Infinity suffered from one of the world’s biggest crypto heists. A hacker made off with roughly $620 million of the company’s crypto assets, dealing another blow to the game’s millions of players, many of whom treat gameplay like a job.

David Hsiao, CEO of the crypto magazine Block Journal, told Fortune the hack could “destroy all companies involved,” simply because of its size. “This is one of the biggest hacks ever,” Hsiao says, and Sky Mavis “may lack the monetization, insurance and/or investigative capabilities to trace the funds.”

How Axie was hacked

The story behind the hack begins in April 2021, when Sky Mavis transferred the game from the Ethereum blockchain to a split “sidechain” called Ronin. The migration was intended to make it easier for players to join the game and trade assets, such as non-fungible tokens (NFT), by making transactions faster and cheaper. And it worked.

See also  The scariest cyber attacks of 2022

Just after the shift, the number became Axie Infinity players increased, peaking at 2.5 million daily active users by the end of 2021, up from around 38,000 in April. The price of SLP—which Axie Infinity uses to reward players – also skyrocketed, increasing by 1000% in the week after the game moved to Ronin.

SLP is useless in the real world, but Axie Infinity players can convert the virtual token into Ether – the native cryptocurrency of the Ethereum blockchain – and then cash out into fiat currency. At least that was until a hacker infiltrated the Ronin network on March 23 and stole the funds Axie Infinity used to finance these withdrawals.

The Ronin network requires all transactions on the blockchain to be approved by five of nine “validators” – entities that sign off on any deposit or withdrawal from the network. It’s small compared to other blockchains: the main Ethereum blockchain has over 300,000 validators, while control over Ronin’s validators is limited to a handful of entities.

Four of Ronin’s compromised validators were controlled by Sky Mavis, while the fifth was controlled by Axie The DAO, the decentralized autonomous organization that represents Axietheir community. However, in November 2021 Axie The DAO allowed Sky Mavis to approve transactions on its behalf to help the developer handle “a huge user load.” The deal was closed a month later – but Sky Mavis forgot to withdraw permission to sign for Axie DAO.

That meant the hacker could easily gain control of the Ronin network just by breaking into Sky Mavis — and then authorize transfers of roughly $620 million in cryptocurrency to his or her own accounts, draining the Ronin network of its Ether and other crypto reserves.

See also  Graham's Top 5 PS5, PS4 Games of 2022

Player income on break

The game’s developers only discovered the hack a week later when a Axie Infinity player tried to withdraw and the Ronin network did not have enough liquidity to cover the exchange.

In response to the hack, Sky Mavis temporarily suspended the Ronin blockchain, preventing anyone from depositing or withdrawing money, and promised to refund player losses.

In a statement given to Fortune after the hack, Yield Guild Games – a company that lends NFTs to Axie Infinity players in exchange for a portion of their earnings from the game — noted that players “can keep playing Axie Infinity and accumulate their earnings,”—but will not be able to “cash out their SLP via the Ronin Bridge” until Sky Mavis reactivates the service.

Sky Mavis has not yet announced when it might reactivate Ronin, but said new validators will be added to the Ronin blockchain “in the coming weeks.”

But hacked and Axie InfinityThe radical monetary overhaul has caused some players to question the value of their gameplay.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *