Hackers stole about $600 million from a blockchain network connected to the popular online game Axie Infinity in one of the largest crypto attacks to date.
Computers known as nodes run by Sky Mavis, the maker of Axie Infinity, and Axie DAO that support so-called bridges — software that lets people convert tokens into tokens that can be used on another network — were attacked, with the hacker draining what is known as the Ronin Bridge of 173,600 Ether and $25.5 million in two transactions. The hack occurred on March 23, but was only discovered on Tuesday, according to Ronin, the blockchain that powers Axie Infinity.
The attack is the latest to show that bridges are often problematic. Much of their computer code is not audited, allowing hackers to exploit vulnerabilities. It is often unclear who runs them and how exactly. The identities of the auditors, who are supposed to order transactions on the bridges, are often shrouded in mystery. However, there are thousands of bridges out there, moving hundreds of millions of dollars in cryptocurrency.
Wilfried Day, president of Securitize Capital, the asset management arm of Securitize Inc.
The price of RON, a token used on the Ronin blockchain, fell by about 22% after the hack was revealed. AXS, a token used in Axie Infinity, is down about 8.5%, according to CoinMarketCap.
Ronin said on its blog that it is in contact with major cryptocurrency exchanges and with blockchain tracking tool Chainalysis to monitor the movement of stolen funds. Ronin also said it works with law enforcement. Ronin did not immediately respond to requests for comment.
The stolen funds went to two cryptocurrency exchanges, according to blockchain forensics firm Elliptic. Several exchanges have acknowledged the hack without confirming that the funds were transferred there.
Huobi tweeted that it will “fully support Axie Infinity in the wake of the attack.” Sam Bankman-Fried, who runs the FTX crypto exchange, said in an email that he will help with blockchain forensics.
Ronin’s hack comes on the heels of the February attack on the Wormhole Bridge, which resulted in more than $300 million in losses that one of Wormhole’s sponsors, Jump Crypto, made up for. Other crypto bridges suffered alleged rug pulls when their founders disappeared and ran into problems when their main developers became scammers.
“In this case, the problem was that the bridge was too central — the theft came as a result of someone hacking the ‘verification contract’ on the Ronin Bridge,” said Tom Robinson, co-founder of Elliptic. “Money can be moved from the bridge if five of the nine validators agree to it. The hacker managed to get the private cryptographic keys belonging to five of the validators – so that was enough to steal the crypto assets.”
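An added example, not part of the original article or of Ronin's code: a minimal model of the five-of-nine approval rule Robinson describes, with a check of how many key custodians must be compromised before that threshold is met. The validator keys, custody maps, message format and the use of HMAC-SHA256 in place of real signatures are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

THRESHOLD = 5  # from the article: five of the nine validators must agree

# Constructed validator keys; HMAC-SHA256 stands in for real signatures.
KEYS = {f"v{i}": hashlib.sha256(f"constructed-key-{i}".encode()).digest()
        for i in range(1, 10)}

def sign(validator: str, msg: bytes) -> bytes:
    """Produce the stand-in signature of one validator over msg."""
    return hmac.new(KEYS[validator], msg, hashlib.sha256).digest()

def approved(msg: bytes, sigs: dict, threshold: int = THRESHOLD) -> bool:
    """True when at least `threshold` distinct known validators signed msg."""
    valid = {v for v, s in sigs.items()
             if v in KEYS and hmac.compare_digest(s, sign(v, msg))}
    return len(valid) >= threshold

def min_custodians_to_breach(custody: dict, threshold: int = THRESHOLD):
    """Fewest key custodians whose compromise yields `threshold` keys."""
    held = 0
    ranked = Counter(custody.values()).most_common()  # largest holders first
    for n, (_, count) in enumerate(ranked, start=1):
        held += count
        if held >= threshold:
            return n
    return None  # threshold cannot be reached with these keys

# Constructed custody maps (hypothetical, not Ronin's actual layout).
INDEPENDENT = {v: f"org-{v}" for v in KEYS}
CONCENTRATED = {**INDEPENDENT, "v1": "org-a", "v2": "org-a",
                "v3": "org-a", "v4": "org-a"}

if __name__ == "__main__":
    msg = b"withdraw|nonce=1|amount=100"  # constructed withdrawal request
    five = {v: sign(v, msg) for v in ["v1", "v2", "v3", "v4", "v5"]}
    print("five valid signatures approve:", approved(msg, five))
    print("custodians to breach, independent keys:",
          min_custodians_to_breach(INDEPENDENT))
    print("custodians to breach, concentrated keys:",
          min_custodians_to_breach(CONCENTRATED))
```

The threshold protects only as well as the number of independent parties holding the keys: when one custodian holds several of them, the effective number of compromises needed drops below five.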
Bridge breaches can threaten the entire ecosystem of decentralized applications, called dapps, from games to lending services. Typically, the bridge takes the user’s ether and puts it into a smart contract. Then, it will issue the user an equivalent amount of so-called encapsulated Ether, which can be used on that particular non-Ethereum blockchain – like Ronin or Solana – to invest in dapps. If the underlying ether is stolen, the encapsulated ether becomes worthless, effectively leaving dapps and their users with huge losses.
“If a bridge has the power to mint coins, it’s like taking control of mints,” Yat Siu, co-founder of Animoca Brands, an investor in game studio Sky Mavis, said in an interview before the hack. “Bridges are the authorities at this point, and if they are poorly designed or have weaknesses, they become a major threat to the ecosystem.”
To save the entire Solana ecosystem from a direct hit, Jump Crypto bailed out Wormhole last month. Sky Mavis and Ronin have not announced any similar plans yet.