Axie Infinity suffered the biggest DeFi hack of all time

Last week, in what’s being called the largest DeFi exploit ever, roughly $625 million was stolen from the Ronin Network, a blockchain “bridge” built by the makers of the popular crypto game Axie Infinity to allow players to move crypto between the game’s Ronin blockchain and the Ethereum network. The incident was the latest in a string of hacks targeting bridges, which are tools that allow users to move crypto from one blockchain to another. The hack sent the prices of both the Ronin blockchain token RON and Axie Infinity’s main token, AXS, tumbling. Let’s take a closer look at what happened.

Hack was found almost 1 week late

The attack was discovered on March 29, nearly a week after it happened, when a user was unable to withdraw 5,000 ETH from the Ronin Network. Axie developer Sky Mavis investigated and found that 173,600 ETH and 25.5 million USDC had been drained from the Ronin Network on March 23 in two transactions. The hack follows a similar exploit in February, when around $320 million was stolen from the Wormhole bridge.

How was the Ronin hack possible?

One key factor was the surprisingly centralized nature of the network, which required approval from just five of nine “validators” to move funds — a vulnerability the hacker took advantage of by acquiring private keys belonging to five validators. Validators are simply computers that help process transactions made on a blockchain. As one of Sky Mavis’ major investors told Bloomberg prior to the hack, “If bridges are designed badly or have vulnerabilities, they become a huge risk to the ecosystem.”
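The point about centralization can be checked mechanically. The following is an added example, not code from the article or from Sky Mavis: it computes how many independent key holders must be compromised before a signing threshold is reached. The custody layouts, operator names and the alternative threshold of 8 are constructed for illustration and do not describe Ronin's actual configuration.

```python
from collections import Counter

def min_operators_to_quorum(custody, threshold):
    """Fewest independent operators whose keys together reach the threshold.

    custody maps validator name -> operator that actually holds its key.
    Returns None when the threshold exceeds the number of validators.
    """
    keys_per_operator = Counter(custody.values())
    collected = 0
    ranked = keys_per_operator.most_common()  # largest key holders first
    for compromised, (_operator, n_keys) in enumerate(ranked, start=1):
        collected += n_keys
        if collected >= threshold:
            return compromised
    return None

# Constructed layouts: nine validator keys each, as in a 5-of-9 scheme.
CONCENTRATED = {
    "v1": "op-A", "v2": "op-A", "v3": "op-A",   # one operator holds three keys
    "v4": "op-B", "v5": "op-B",                 # another holds two
    "v6": "op-C", "v7": "op-D", "v8": "op-E", "v9": "op-F",
}
INDEPENDENT = {f"v{i}": f"op-{i}" for i in range(1, 10)}  # one key per operator

def report():
    """Rows of (layout, signing threshold, operators an attacker must breach)."""
    rows = []
    for name, custody in (("concentrated", CONCENTRATED),
                          ("independent", INDEPENDENT)):
        for threshold in (5, 8):  # 5 is the article's figure; 8 is hypothetical
            rows.append((name, threshold,
                         min_operators_to_quorum(custody, threshold)))
    return rows

if __name__ == "__main__":
    for name, threshold, parties in report():
        print(f"{name:12} {threshold}-of-9 -> {parties} operator(s) to reach quorum")
```

A 5-of-9 threshold only means five separate compromises when the nine keys are held by nine separate parties; the number that matters in a review is the operator count this function returns.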

RON & AXS prices dropped precipitously

In the wake of the hack, RON is down approximately 19% and AXS is down about 10%. In a statement, Sky Mavis COO Aleksander Leonard Larsen said “we are fully committed to reimbursing our players as soon as possible.” The stolen funds included the deposits of players, many of whom live in developing nations such as Brazil, the Philippines and Venezuela, as well as 56,000 ETH from the Axie Infinity treasury.

A major question remains — how will the refund be paid?

Unlike the Wormhole hack, in which the funds were almost immediately replenished by the investing firm Jump Crypto, there isn’t a well-heeled investor ready to serve as a backstop for Axie’s lost funds. Fundraising opportunities for Sky Mavis could include selling tokens related to Axie, including AXS and RON, to major players at a discounted price. The company could also sell off some Sky Mavis equity to raise cash, or propose a vote to its community that would allow it to liquidate some of its $1.6 billion community treasury to repay losses.

Why does it matter to all crypto investors?

As the crypto ecosystem continues to evolve, bridges are becoming a major component. And because their code has to be compatible with multiple blockchains, they’re especially tricky to build. Ronin has quickly moved to increase security by replacing the compromised validators and increasing the number of validators required to approve transactions. But what should users do? Do your own research and make sure that the smart contracts you interact with have been audited, for one.

How to keep your crypto safe?

    1. Use a password manager

    Your passwords should be at least 16 characters, extremely complex and unique for your accounts. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords.

    2. Use 2-factor authentication (2FA)

    In addition to strong passwords, where available, use two-factor authentication (2FA). And always use the strongest type of 2FA the platform allows, ideally a Yubikey or similar hardware security key.

    3. Stay smart out there

    It’s not only important to play defense with the right security tools when protecting your accounts, but it’s also important to stay vigilant in the wild. Some guidelines:

    • Don’t fall for tricks

    Hackers posing as tech support – even bad actors posing as Coinbase customer support specifically – may pressure you for account credentials. Coinbase will never ask you for passwords, 2FA codes, PIN numbers, or remote access to your computer. Coinbase will never ask you to create test accounts on other platforms or provide your ID or banking information over email or social media. We do not offer Facebook support chat and we will never call you by phone.

    If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to us at [email protected] and we are more than happy to help. And remember, Microsoft, Google, and Apple will never call you about your computer.

    • Check the URL

    Scammers create fake sites that look like real exchanges but are designed to steal account information. Double-check the web address before you log in to your account or input any of your credentials.

    If someone emails you a link, copy the link and paste it into a text editor before entering it into your browser to make sure you know where the link is really taking you.
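The manual check described above can also be done in code. This is an added example, not part of the original article: it extracts the host a browser would actually connect to and compares it with the domain you expect. All sample links are constructed, and the `.example` hosts are placeholders.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return (ok, reason): does this link really lead to expected_domain?"""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return False, "malformed link"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host in link"
    # Non-ASCII or punycode labels can render as look-alike letters.
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, f"lookalike characters in host: {host!r}"
    expected = expected_domain.lower()
    # Only the exact domain or a true subdomain of it counts as a match.
    if host == expected or host.endswith("." + expected):
        return True, f"goes to {host}"
    return False, f"goes to {host}, not {expected}"

# Constructed sample links, as they might appear in an email.
SAMPLES = [
    "https://www.coinbase.com/signin",                    # genuine subdomain
    "https://coinbase.com.account-verify.example/login",  # brand as a prefix
    "https://coinbase.com@login.example/",                # brand before the '@'
    "https://www.coinb\u0430se.com/",                     # Cyrillic 'a' in the name
    "http://www.coinbase.com/",                           # right host, no TLS
]

def check_samples(expected_domain="coinbase.com"):
    """Run every constructed sample through check_link."""
    return [check_link(url, expected_domain) for url in SAMPLES]

if __name__ == "__main__":
    for url, (ok, reason) in zip(SAMPLES, check_samples()):
        print("OK    " if ok else "REJECT", ascii(url), "->", reason)
```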
