Quick take:
- Axie Infinity has suffered one of the biggest attacks in crypto history.
- The gaming platform reported Tuesday that its Ronin Network had been exploited for $625 million.
- Crypto and gaming experts think it’s impossible to guarantee security as long as bridges are used on Ethereum.
Hackers have stolen $625 million from Axie Infinity’s Ronin Network. Ronin Blockchain posting on its Substack blog on Tuesday said the breach occurred on March 23.
According to the post, the attacker made two transactions, stealing 173,600 Ethereum and 25.5 million USDC. The cybercriminal used hacked private keys to execute the withdrawals.
Sky Mavis’ Ronin Network requires 5 out of 9 validator nodes to complete a deposit or a withdrawal event. The attacker successfully hacked his/her way to gaining control of Sky Mavis’ 4 Ronin validator nodes while the fifth validator node was stolen from a third-party validator run by Axie DAO.
Cryptocurrency transactions use decentralised validator key schemes to reduce the attack vector.
Non-ethereum platforms that want to enable ETH transactions use bridging protocols to make this possible. However, according to experts, as long as, platforms continue to use bridging protocols to tap into Ethereum’s massive user base, it may not be possible to guarantee security.
In an exclusive comment, Simon Vieira, CEO and Game Producer of Mixmob told NFTgators “As long as bridges are used on Ethereum, there may be no assurance. Ethereum based games may need to wait for Zero-Knowledge Rollups (ZKR) for better security.”
Drawing parallels to Axie, Vieira said that Mixmob is built on the proof-of-stake L1 blockchain, Solana. Therefore, “it does not [carry] the Ronin risk.”
However, Krystal Yang, CEO and Founder of Ignite Tournaments offered a slightly different opinion, pointing out that the attack was not on Axie, but rather, the validators of the Ronin Network were breached. “No AXS, RON, or SLP was lost – it was specifically ETH and USDT, which are technically bridged assets.”
On the other hand, Vijay Pravin, Founder & CEO of BitsCrunch took a more expansive view of the incident pointing to the fact hacking is not limited to crypto or P2E gaming. “When it happens in one of the top P2E spaces, it is definitely disappointing, but the team can figure it out given some time,” adding that it is about tightening the security protocols as the industry continues to evolve.
Ronin Blockchain’s team holds similar views to Pravin’s. Explaining to the users the safety of using the platform, the team said that Ronin was not immune to the rampant attacks and exploitation.
“This attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats,” Ronin Chain wrote, adding that it was working to deploy the most sophisticated security measures and processes to prevent future attacks.
The team assures users that any accounts that were affected by the breach will be fully reimbursed after establishing that most of the stolen funds are still held in the attacker’s wallet.
Ronin Network also said it was working with relevant government authorities to ensure that the criminals are brought to justice.
The platform has temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Subsequently, it has halted Katana DEX.
The company is working with Chainalysis to track the stolen funds after confirming that 6,250 ETH has been transferred to different addresses.
This is not the first time hackers have exploited cross-chain decentralisation networks. Last August, a hacker stole $611 million from cross-chain DeFi platform Poly Network. However, the platform managed to track down and take back a majority of the stolen funds.
This implies that crypto hacks are unlikely to disappear any time soon. However, it does not necessarily create a dark cloud over P2E gaming, especially those built on L2 scaling protocols.
Bitscrunch’s Pravin said that although it could affect P2E gamers mentally in the short term, it is unlikely to curtail the growth of the industry. “I just see it as a passing cloud as there is a huge scope for P2E in the coming years.”
Mixmob’s Vieira echoed those remarks, particularly highlighting the fact early adopters are used to seeing such exploits. “I don’t think so,” he said. “Look at Defi— suffered multiple attacks but it’s still growing and improving.”
On the other hand, Ignite Tournament’s Yang thinks that gamers will have to play a role in ensuring the reduction of platform attacks.
“If gamers want to ensure their funds are safe, they need to do their own research and make sure the protocol the funds are with has been audited by a reputable security firm that conducts ongoing security and penetration testing,” she said.
Stay up to date: