A $600 million problem

Someone has this problem right now. They have the currency. It is sitting there looking at them. Their problem is that everyone else can see it as well. When they move it, that will also be visible.

The blockchain is permissionless BUT it is not anonymous. Check out the hacker’s account here on Etherscan.

The funds were hacked from Axie Infinity, which was drained of 173,600 Ether and 25.5 million USDC tokens in two transactions on 23rd March.

Axie explained

For those who do not engage with the small yellow beasties known as Axies, the game is billed as an online universe where you can buy land, engage in battles and trade stuff on the in-house marketplace.

All you do is buy a few Axies via your digital wallet, then take off into the universe and join the million or more daily active players. Yes, read that again. Over one million players each day. So said Axie’s official Twitter account on 6 August 2021. One site that keeps track of such things reports that the Axie Infinity player count is now over 2 million per day.

Making history

Axie Infinity Universe has its own cryptocurrency with the ticker symbol $AXS and in August 2021 it became the first NFT project to hit $1Bn in all-time NFT trading volume. One of the co-founders tweeted that it was ‘history in the making.’

Absolutely true. Then in March this year, Axie Infinity made history again. The hack put them at the top of Rekt’s leaderboard, making them the unlucky winners of the prize for the most expensive crypto theft ever.

Ordinary mortals might think that if you managed an organization that had zillions of dollars, you would put strict security arrangements in place. They did, but they also came smack up against the truism that you don’t know what you don’t know.

Activity on the Ethereum blockchain grew so fast after its launch in 2015 that a few years later, there was a traffic jam. A really big traffic jam. It is still there, which is why it is so expensive to interact with the Ethereum mainnet.

Numerous enterprising souls looked for ways around this technological hiccup. One of the solutions that gained traction was to conduct business on a sidechain and then build a bridge to join the sidechain to the Ethereum mainnet. Once tokens have been properly certified, then tokens of the same value are issued on the Ethereum mainnet. It is up to the bridge that joins the two together to validate the transaction. This is known as ‘lock and mint.’

Expensive hiccup

The owners of Axie Infinity chose to build their own sidechain and bridge, called the Ronin Network, which enables their users to play and trade faster and cheaper. Then the Ronin Bridge connects to the Ethereum mainnet so that everyone can move their crypto around or change it up into fiat currency.

The hacker managed to find a backdoor in the Ronin Bridge. The owners (Sky Mavis) have released details of what happened and are ‘in the process of implementing rigorous internal security measures to prevent future attacks.’ Of course they are, because now they know what they didn’t know before. Namely, there’s a hole in the bucket. So fix it.

Meanwhile, the hacker still has a $600 million problem.

Enter email for monthly NFT Directory updates.  Just the good stuff.