The hugely popular NFT-based video game Axie Infinity is the victim of one of the biggest hacks in the boiling decentralized finance industry.
The case is already making a lot of noise. And for good reason, we are talking here about the equivalent of hundreds of millions of dollars stolen through a network linked to the online video game Axie Infinity. With 2.5 million usersit is a very popular game, especially in Asia.
Its principle is based onpurchase of small creatures, called “Axies”that the players develop in a dedicated universe. Goal: Have them battle each other to earn rewards. All associated with an NFTi.e. non-fungible tokens, these creatures are bought and sold within the game itself through cryptocurrency transactions. Everything is based on a blockchain-based payment network.
This network, called Roninis this called a decentralized applicationor “dapp”, which refers more generally to the multiple developments in the decentralized financeWhere Challenge). A booming sector involving a host of players, ranging from video games to investment, payment or credit platforms in line.
the hack in question dates back to March 23. But it’s only Tuesday that Sky Maviswhich is both the parent company of Ronin and the publisher of Axie Infinity, has discovered the security flaw. The company was notified by a user who could no longer withdraw his cryptocurrencies. Some 173,699 ethers and 22.5 million USD coins were stolen, i.e. the$615 million equivalent at the current price of these cryptocurrencies.
“We are working with authorities, cryptographers and our investors to ensure that all funds are recovered or refunded.”
It is undoubtedly aboutone of the biggest hacks in decentralized financemore and more prey to the phenomenon. Last August, $611 million had also been stolen from poly networkanother such platform. According to data from blockchain research firm Chainalysis, some $2.3 billion was stolen from decentralized finance platforms in 2021a jump of 1,330% compared to the previous year.
“We are working with authorities, cryptographers and our investors to ensure that all funds are recovered or refunded,” Sky Mavis says. The investigation is still ongoing, but the hacker(s) would have obviously used private keysor the passwords needed to access the cryptocurrencies.
The “bridges” in question
According to experts, the fault would be located especially at the level of “bridges”essential elements in the operation of decentralized finance. It is sort of bridges that connect one blockchain to another in order to transfer cryptocurrencies between different ecosystems. In this case, the hacker(s) were able to penetrate the channel between the Ronin blockchain and the ethereum blockchain, for example, which supports the ether cryptocurrency.
“Bridges play the role of authority at this point, and if they are poorly designed or have vulnerabilities, they become a huge risk to the ecosystem”
“The bridges play the role of authority at this stage, and if they are poorly designed or have vulnerabilities, they become a huge risk for the ecosystem”, explained to the Bloomberg agency Yat Siu, co-founder of Animoca Brands, a player specializing in NFTs and the blockchain. Many are also those who evoke in this regard an “area still under experimentation” .
The problem was even recently singled out by Vitalik Buterin in person, the very famous founder of the ethereum blockchain and the ether cryptocurrency. For him, bridges should not impose themselves any longer in the crypto universe, as they present “fundamental security risks“.