On March 23, infrastructure for the popular blockchain game Axie Infinity was hacked, with the responsible party successfully transferring roughly $600 million worth of Ethereum and stablecoins from the network.
Interestingly, developers Sky Mavis were unaware that Axie Infinity was hacked until March 29, nearly a week later. According to a Substack post from Ronin Network, their sidechain was exploited when the hacker was able to gain control over five of the nine network validator nodes.
Four of these nodes were controlled by Sky Mavis, the creators of Axie Infinity, and one node was privately owned. After gaining control of these nodes, the attacker was able to sign and falsely validate two transactions, allowing them to drain users' accounts of over 173,000 ETH and 25 million USDC.
After discovering that Axie Infinity was hacked through this exploit, Ronin Network halted their Ronin Bridge and Katana Dex and announced that they are “working with law enforcement officials, forensic cryptographers, and [their] investors to make sure all funds are recovered or reimbursed.”
The COO of Sky Mavis, Aleksander Leonard Larsen, stated to Bloomberg that the company is “fully committed to reimbursing [their] players as soon as possible,” but they are “still working on a solution.”
Predictably, many bystanders see this story as evidence that blockchain technology is inherently flawed and unable to provide the security touted by its most ardent defenders. However, it’s important to keep in mind that the exploit didn’t affect the Ethereum blockchain, only a much smaller sidechain with highly centralized validator nodes.
A more decentralized blockchain such as Ethereum or Bitcoin can’t be cracked as easily; while they could be exploited in a similar manner via a 51% attack, this would require exponentially greater effort due to the size and decentralization of their respective networks.
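The five-of-nine validator compromise and the centralization point above can be expressed as a check a bridge operator could run against its own validator set. This is an added example, not code from Ronin Network or Sky Mavis. The validator IDs, operator labels, and the assumption that the four uncompromised validators each had a separate operator are constructed for illustration.

```python
from collections import Counter

def min_operators_to_quorum(validator_operator, threshold):
    """Fewest distinct operators whose combined keys reach the signing threshold."""
    counts = sorted(Counter(validator_operator.values()).values(), reverse=True)
    keys = 0
    for n, c in enumerate(counts, start=1):
        keys += c
        if keys >= threshold:
            return n
    return None  # threshold exceeds the number of validators

def quorum_report(validator_operator, threshold):
    """Summarise how concentrated signing power is relative to the threshold."""
    counts = Counter(validator_operator.values())
    top_operator, top_keys = counts.most_common(1)[0]
    return {
        "validators": len(validator_operator),
        "threshold": threshold,
        "largest_operator": top_operator,
        "largest_operator_keys": top_keys,
        # Extra keys needed once the largest operator is compromised.
        "keys_short_of_quorum": max(threshold - top_keys, 0),
        "min_operators_to_quorum": min_operators_to_quorum(validator_operator, threshold),
    }

# Constructed layout matching the article: 9 validators, 5 signatures needed,
# 4 keys held by one company, 1 privately owned. The remaining four operators
# are an assumption; the article does not say who ran them.
RONIN_LIKE = {
    "v1": "sky-mavis", "v2": "sky-mavis", "v3": "sky-mavis", "v4": "sky-mavis",
    "v5": "private-owner",
    "v6": "operator-a", "v7": "operator-b", "v8": "operator-c", "v9": "operator-d",
}
# Constructed comparison: same size and threshold, one operator per validator.
INDEPENDENT = {f"v{i}": f"operator-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, layout in (("ronin-like", RONIN_LIKE), ("independent", INDEPENDENT)):
        print(name, quorum_report(layout, threshold=5))
```

With the article's layout, a breach of one organization leaves a single additional key between the attacker and a valid quorum; with one operator per validator, five separate organizations would have to be breached.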
It’s yet another strike against blockchain technology and NFTs in gaming that’s sure to dissuade even more gamers from supporting its adoption. What’s worse is that before Axie Infinity was hacked, it was touted by crypto fanboys as a successful use case of the tech in gaming that offered more than tacky cosmetics, shady fundraising, or a glorified slot machine.
This is a major setback for parties interested in a worthwhile and beneficial adoption of blockchain technology in video games. Hopefully, Sky Mavis and Ronin Network can recover the stolen funds, restore faith in their users and the gaming community at large, and take steps to correct their past mistakes like Hello Games did with No Man’s Sky.