173.6 Ethers and 25 million USDC tokens. Axie Infinity has suffered a hacker attack in which the attacker made off with loot equivalent to $625 million. The attack was carried out on March 23, but apparently the owners of the platform did not notice the hack until the morning of March 29. And only because a user reported through a ticket that he could not withdraw his money using the platform’s Ronin bridge. Is anyone at the wheel at Axie Infinity?
Axie Infinity suffers a historic theft: where did the problem originate?
It was sold as the definitive video game. A crude copy of Pokémon, but with creatures that are something like potatoes with eyes. The appeal of Axie Infinity is that each creature is a unique NFT. To play, you have to invest several thousand dollars to get three Axies. Then, they promise us, everything is a piece of cake. Fight, “play” and earn money. Axie Infinity is one of the first ‘play-to-earn’ games. The future of video games.
But the one who has really won is the hacker who made off with over $600M by exploiting a vulnerability in the Ronin bridge, which Axie Infinity uses. The hacker, about whom practically nothing is known (and we assume that, given his professionalism, he does not belong to Team Rocket), discovered that the bridge used for Axie Infinity withdrawals, Ronin, a sidechain owned by Sky Mavis, uses nine validator nodes to authorize transactions. With such a small number of signatures, he felt it was easy to get hold of the loot. For his mission, he only had to take control of five of the nine nodes. And so he did. He managed to manipulate four Sky Mavis nodes and an extra validator run by Axie DAO.
Will Axie Infinity get the money back?
It doesn’t look like it. The company’s moves after learning of the attack have instead been aimed at preventing a future attack using the same modus operandi. In just 24 hours, the number of validations has been increased from 5 to 8. The affected nodes, which have been removed from the healthy Ronin infrastructure, are also being migrated.
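The 5-of-9 threshold described above, and the later change to 8, can be examined as a quorum check plus a count of how few operators control enough nodes to satisfy it. This is an added example, not code from Ronin or Sky Mavis; the validator ids and the operators of the four nodes the article does not attribute are constructed placeholders, assumed independent of each other.

```python
from collections import Counter

# Constructed validator set: 9 nodes, as described in the article.
# The article attributes four nodes to Sky Mavis and one to Axie DAO; the
# remaining operators ("operator-A".."operator-D") are assumed placeholders.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B",
    "v8": "operator-C", "v9": "operator-D",
}


def quorum_reached(signers, validators, threshold):
    """True if at least `threshold` distinct, known validators signed."""
    distinct = {s for s in signers if s in validators}
    return len(distinct) >= threshold


def min_operators_for_quorum(validators, threshold):
    """Fewest operators whose nodes together meet the signature threshold.

    Greedy: take the operators running the most nodes first. Returns None
    when the threshold cannot be met by the validator set at all.
    """
    if threshold <= 0:
        return 0
    if threshold > len(validators):
        return None
    nodes_per_operator = Counter(validators.values())
    covered = 0
    for taken, (_, nodes) in enumerate(nodes_per_operator.most_common(), 1):
        covered += nodes
        if covered >= threshold:
            return taken
    return None


if __name__ == "__main__":
    for threshold in (5, 8):
        print(threshold, min_operators_for_quorum(VALIDATORS, threshold))
```

Under these assumptions, a threshold of 5 is reachable through two operators, while a threshold of 8 requires five, which is why operator concentration matters as much as the raw validator count.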
There was already an almost identical case
As Gizmodo points out, a practically identical case happened in August of last year on the Poly Network. A hacker managed to drain the equivalent of 600 million dollars from this DeFi network. Much of the funds could be held back, but the hackers managed to withdraw $30 million through the Crypto.com platform after what appeared to be an oversight.
When attacks of this type occur, a debate often opens as to whether the security and decentralization of cryptocurrencies are their true value, given that cyberattacks continue to occur. Cases like this show that the more validators a blockchain has, the more robust it will be, while also highlighting the important role of maintenance in this type of system.