Last week Sky Mavis, the Vietnam-based company behind the crypto game Axie Infinity, revealed that a hacker has stolen hundreds of millions of dollars worth of crypto from its blockchain. Sky Mavis realized it had been attacked when a user was unable to withdraw funds six days after the breach, and the company froze transactions on its compromised Ronin Network bridge.
Nu Sky Mavis announced it has received $150 million in investment that “will be used to ensure that all users affected by the Ronin Validator Hack are reimbursed.” At almost the exact same time it launches a new version of the game, Axie Infinity: Origin† According to Sky Mavis CEO Trung Nguyen, “As a team, we made a deliberate decision to focus on what lies ahead.”
Other crypto companies we work with: Axie Infinity and Sky Mavis – and huge sums of money stuck in Web3 and NFTs – lead the list of names that have bought into saving Sky Mavis rather than potentially seeing it collapse. The list includes crypto exchange Binance, Web3-promoting venture capital firm A16z and Animoca Brands, owner of The Sandbox.
Now Sky Mavis says it plans to reopen the Ronin Network bridge after it undergoes a security upgrade and audits to try to detect if there are other weaknesses. Binance (which has just invested in the game) has reopened trades with the network, and according to the exchangethat means that “all individual users can withdraw their funds.”
The Sky Mavis team says the March 23 heist (which again went undetected until March 29 when a user attempted to withdraw funds and was unable to) was “socially designed”, taking advantage of vulnerabilities from compromises made while attempting to achieve regular adoption. While they remain committed to completing players using their own money combined with the investments, the 56,000 Ether stolen from the Axie Infinity DAO’s treasury will remain “collateral” as the company and law enforcement attempt to unlock the crypto. to get back. Their plan is to wait two years and then let the DAO vote on what to do next.
As for the stolen funds, about 168k Ether (worth over $540 million at the moment) stay in the wallet where the thief or thieves left them† Attempting to launder loot of that magnitude is a problem, as anyone can see transactions on the blockchain. As we explained in 2013, crypto mixers or tumblers can obscure the source of funds, but law enforcement agencies are even more careful about that, and laundering such a huge amount can take a long time.
A report from The Wall Street Journal quotes the CEO of bug bounty platform Immunefi as saying it can take years to move that much money through a tumbler. Industry watchers like Peckshield keep posting alerts in real time while tiny fractions of the stolen crypto from the thief’s account shifts to other wallets and to mixers like Tornado Cash.
Nguyen says the Ronin network will expand the number of validator nodes on its proof-of-stake blockchain network from five to 21 over the next three months to bolster security. Having fewer nodes to review transactions makes things faster and more efficient. Still, if someone compromises enough of it, it can be a security risk – in this case, the attacker took over five of the nine nodes and could withdraw any money they wanted.
4/ We thank everyone in the community for their patience as we rebuilt the Battle system from scratch to make it more fun, beautiful and engaging. This is a huge step for the Axie Infinity ecosystem and it took the support of every community member to make it happen. pic.twitter.com/gAMTe4qkxD
— Axie Infinity (@AxieInfinity) Apr 7, 2022
Before the hack took place, Axie Infinity already experienced a 45 percent drop in daily active users, as reported by Bloombergand in-game economy issues that caused operators to reduce the number of SLP tokens players could earn each day through PVE play (the game’s appeal is that you can play to earn money from NFT characters you’ve purchased access to ) in two“with the long-term health of the ecosystem in mind.”
Despite the theft, the company just launched an “Early Access” alpha version of its next game, Axie Infinity: Origin (another planned spin-off, Country, invites players to take on the fun role of ‘land barons’. This new “ecosystem experience” would be more welcoming to a global audience (Axie Infinity claims over 2.2 million monthly active players, and a player tracker shows about 40 percent are in the Philippines, where many rely on it as a full time job), featuring “brand new interfaces, game mechanics, art, special effects, storylines, and an expanded onboarding experience.”
Most importantly, unlike the base game, players start with three free “axes” to battle with. While their free axes don’t allow participation in the “earn” portion of “play to earn” the idea is that it’s a way for people to try out the game without having to buy or purchase an NFT character. hiring a manager player who rents access in exchange for a cut in earnings. As the announcement states, “Finally new players can learn the game and fall in love with the universe before they have to touch crypto and NFTs!”
The developers say that the current Battles v2 (Classic) version of the game will remain live until they complete testing, after which the old version will be terminated and token rewards will be moved to Origins, giving the valuable incentive to play the older game is taken away. Players who are enticed to create a Ronin wallet and fund it with cryptocurrency to buy axies can be reassured that users will be reimbursed after the big heist, but is that enough to convince someone it won’t anymore to happen?