The world isn’t always a safe space, particularly in a gaming community where technology evolution speed sometimes favors the bad.
Axie Infinity is an animal farming game where plays can sell their creations via the Ethereum blockchain. Think Pokemon in terms of a comparable experience. But where there is crypto, there is the potential for scams. Because yeah, crypto isn’t insured by the FDIC. That’s the point of crypto, but also motivation for scammers looking to grab cash and leave little to not trace.
In this case, the scammers raked in a stunning $600 million via an intricate hack. This makes it one of the largest crypto hacks ever.
So how did the hackers scam Axie Infinity?
Axie leverages technology known as a sidechain, or properly named, Ronin. Typically, if you set a game up using Ethereum, there’s all types of transaction (gas fees) associated with moving the currency. Ronin alleviates this and allows seamless transfer of Eth funds. But this makes Ronin it’s own independent blockchain experience; and thus, it offers new security details.
In order to play Axie, a gamer must have an Eth and Ronin wallet. The gamer’s Eth must enter the Ronin wallet during any transfer process. This is how you purchase the animals.
Somewhere in the process, likely at the Ronin level, a hacker found an exploit and ripped over 170,000 Eth. At the time, the value of Eth made this steal a $600 million plus grab. That’s huge.
Woops.
As you can imagine, Axie players aren’t thrilled.
Worse more, it appears Axie contributed to the exploit by allowing decentralized autonomous organization access and never revoking that access once it wasn’t needed.
Supposedly, the stolen funds remain in the thieves wallet and Axie believes they can recover a good portion.
“As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats,” Sky Mavis wrote. “We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.
“ETH and USDC deposits on Ronin have been drained from the bridge contract. We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now.”
Events like this can do limitless damage to a game’s reputation, even one as popular as Axie Infinity. In the day and age of Cryptocurrency, it is important that all games maintain ever-evolving security protocols. Equally, as a gamer, make sure you follow proper safety precautions when interacting online. Clearly in the case of the Axie Infinity scam, gamers did nothing wrong.