In the latest blockchain-related hack, a hacker or group of hackers successfully stole about $625 million from the blockchain that powers the Axie Infinity NFT game.
Axie Infinity NFT Game
Since NFTs became mainstream, NFT games have been among the most significant NFT and Web3 growth drivers. More companies and industries adopt NFT technology for their activities, but few have had more success than NFT games.
Sky Mavis is the company behind Axie Infinity and Ronin, and on Tuesday, March 30, the company revealed the attack against its system that resulted in one of the most expensive and scintillating losses of assets in NFT history.
Shortly after the heist, the company froze transactions on the Ronin Bridge, and this is noteworthy because the Ronin Bridge is what allows the depositing and withdrawing of funds from Sky Mavis’ blockchain.
Sky Mavis built its Ronin blockchain to give the company more control of processing speeds, price, and general user experience. Creating a dedicated Ronin blockchain isn’t a move isolated to Sky Mavis. It has become a good case practice adopted by a considerable number of players in the gaming NFT space.
Going through the stories about the causes of the Sky Mavis hack, one factor that becomes glaring is incompetence. The hacking episode could have been completely avoided if the team behind the Ronin blockchain had taken better long-term decisions rather than short-term fixes that compromises the system in the long term.
Axie Infinity & the Ronin blockchain
According to Sky Mavis, the hacker(s) successfully stole 173,600 Ethereum worth more than $600 million at the time of curating this piece and 25.5 million USDC; USDC is a stable coin pegged to the US Dollar.
On Wednesday, March 23, the heist focused on the Ronin blockchain. The attacker successfully compromised network nodes to validate transfers through the blockchain, according to the company.
By compromising the network nodes, the hacker could withdraw substantial quantities of Ethereum and USDC for days unchecked. Until Tuesday, March 29, the attack was uncovered when the hacker attempted to withdraw a further 5,000 Ethereum through the Ronin bridge.
According to a statement by Sky Mavis, the company is “working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds,” calling that its “top priority.”
What does this mean for Sky Mavis and its investors?
Without mincing words, the recent hack has been a disgrace for Sky Mavis, and it shows a serious issue within the organization. All systems are vulnerable to hackers, but for a hack to go undiscovered for almost a week, something within the organization is fundamentally wrong.
Sky Mavis said the Ronin breach was possible because of a shortcut the company implemented in November 2021 to relieve the “immense user load” on its network.
Naturally, users, investors, and the general public will be skeptical and scared about transacting with the company. We may begin to see a run on the system by investors and players trying to withdraw assets once transactions restart.