When an established company in the fintech sphere suffers from a cyber attack, the impact is often seen immediately. This was not the case for the non-fungible token (NFT) Play to Earn company, Axie Infinity, which had $625million worth of a mixture of Ethereum and USDC stolen on the 23rd of March via its Ronin Network: six days went by before the biggest crypto heist to date was noticed. Read on to see how various executives from the crypto community responded to the hack.
Selling NFTs has developed into a lifeline for some in developing countries, as Play to Earn has established itself as a viable way of making a living. The best example of this is Axie Infinity, where players collect and mint NFTs which represent axolotl-inspired digital pets known as Axies. The Ronin Network, is a crypto network that helps power the game, developed by Axie Infinity publisher, Sky Mavis.
So why did no one notice the hack for almost a week? This could have been in part to the fact that it was not the NFTs, the Axies, themselves that were stolen; had this been the case, it may have been brought to light much sooner. Instead, it was the bridge the underlying assets that allowed you to convert the games proprietary tokens into Ethereum and then to cash, that was taken. Software engineer, Molly White, likens Axie Infinity tokens to chips in a casino: if a casino is robbed and has no money left to trade, users won’t receive any money for exchanged chips.
Since the hack, Sky Mavis has made efforts to restore the stolen funds, raising $150million in funding led by crypto exchange Binance. The Ronin Bridge has since been taken down and security and audit improvements are being made, but this could take weeks.
“In order for the global ecosystem to continue thriving and maturing, it is imperative that we work together, especially when it comes to security, which is our strong suit. We have seen the tremendous work and growth of the Sky Mavis team since working together on the Axie Infinity project on Binance Launchpad,” said Binance CEO, Changpeng Zhao, as the crypto exchange plans to raise funds and provides advisory services to help Axie Infinity grow. Binance Launchpad is not exclusive to Axie Infinity though and plans to help more projects reach their true potential.
We wanted to find out how detrimental this hack really was, and reached out to executives from across the crypto industry to hear their thoughts on the impact this would have on public trust of NFTs:
Billy Huang, co-founder of Luna Market
“I believe this should not put a dent in the public’s view of NFTs as long as Sky Mavis delivers on reimbursing their players and those who lost money. Axie has a great treasury balance, and a bright roadmap focused on NFT utility and gaming engagement. We believe this is more indicative of the use of untested side-chains (Ronin Network) and the lack of a decentralised validator system behind their blockchain. With only nine nodes in the entire ecosystem, it was much easier for hackers to compromise the network and drain users of their funds. When choosing a blockchain to build on top of, developers need to ensure not only the speed of transactions, but also the robust security of the layer 1 solution.
“People should not lose faith. Sky Mavis should have the funds and resources to reimburse their player base, but this calls into question the due diligence and naivety behind the developer team.
“The hack calls into question the security of the Ronin Network, not of Ethereum or any other renown blockchains. Decentralised applications and NFTs that are built on truly decentralised networks, like Ethereum, are safe from this type of attack due to the decentralised and distributed nature of the Ethereum network (think: more computers in network = less prone to attack). Ronin lacked the foresight to scale their validator network, so a singular attack compromised the entire network.”
Marie Tatibouet, CMO at Gate.io
“The Axie Infinity Ronin hack is not an issue with the metaverse, nor is it an issue with Axie itself. People must understand that. The reason why this hack happened and the reason why the Wormhole hack happened is because bridges are highly vulnerable cryptographic structures. Think about it, these bridges deal with millions and millions of dollars, but they don’t have anything close to the underlying security of major blockchains.
“Blockchains are kept secure because of their extensive network of validators. Bridges have a small fraction of these validators trying to secure so much money. What else is supposed to happen?
“Ethereum founder, Vitalik Buterin, has also been against the concept of inter-chain protocols. According to him, the future is multi-chain.”
Brian Shuster, founder and CEO of Utherverse.io and UTHER Coin
“It’s hardly going to impact the public’s view at all, because the public and especially the crypto community have become accustomed to the lack of transparency from crypto platforms. They already operate and invest in technology they don’t fully understand, so a hack like this, which is the equivalent of a nuclear bomb going off, will likely just cause the public to hide their head in the sand.
“A better question to ask is not will the public lose faith, but rather, should they. Immediately after this hack, Axie Infinity was appraised for £3billion and secured another $150million in funding. It’s a game with NFTs that has just been proven to be vulnerable to being hacked. With almost no negative market reaction, this sends a clear signal that the market currently is not concerned about how companies deal with the security of their own (or their customers’) assets, and that’s not something in which the market, or the crypto community in general, should have such blind faith.
“This hack is a giant red flag for crypto companies and investors showing that we’re Wile E. Coyote running off the cliff chasing the Roadrunner. We might feel as though we won’t fall if we don’t look down. But the fall is inevitable, and we should really be figuring out how to get back to land.
“Every crypto company should be looking at ways to protect the public and their users from this kind of cyber attack. At Utherverse, safety and security is the number one priority. It should be for all companies, otherwise cryptocurrency may fail to gain the trust of the general public and remain on the fringes. It could be a dot.com crash all over again with Axie Infinity being the new Pets.com.”
Gene Hoffman, president and COO of Chia
“From the security perspective, assessing a public blockchain can be done through two core questions: Is the consensus mechanism secure, and is the on-chain programming environment secure? We built the Chia blockchain to bring security to global finance, and we believe Proof of Space Time and Chialisp answer yes to both. These consistent and painful hacks and scams will remain a barrier to the adoption of blockchain and cryptocurrency and continue to significantly degrade individual and institutional trust in the technology’s viability at scale until applications are written in more secure programming languages on more secure chains.”
Nayeem Syed, chief vision officer at Exponentials.tv
“The Axie Infinity Ronin hack is the biggest hack to date on the blockchain world. I personally see it as an unfortunate but inevitable step in blockchain evolution. In the early days of physical ‘banks’, bank robbery was a lot easier than it is today. Similarly as blockchain technology evolves, it will become more and more difficult for hackers to make these types of exploits. We have some of the world’s most talented people working in these fields.
“Would it put me off blockchain-based investing? Definitely not. It’s worth noting that, unlike traditional robbery, digital money and assets leave a digital trace of how they are flowing through, so an amount of this size can be traced and tracked down by relevant bodies and law enforcement authorities. So it’s almost a matter of time before the hacker makes a mis-step, and for the hacker to launder this fund would be a lot more difficult than fiat money.
“While it is a very unfortunate situation to have one’s funds hacked, it’s only common sense to ensure funds are spread out and necessary security precautions are taken.
“One thing I do like to see however is a DAO mechanism between nodes so a general consensus can be created on the blockchains for reversing these types of transactions. That would essentially give us the ability for blockchains to reverse these types of transactions similar to how it’s been done by present day banking systems if you ring up your bank and you have been subject to fraud.”
Bryan Onel, CEO of Oneleet
“Some of the vulnerabilities and security shortcomings that led to the Ronin hack could have been easily prevented in hindsight. People are starting to realise this and are wondering how this could have happened and why it keeps happening. It was just a few months ago that the Poly hack happened in which $600million was stolen (the money was returned but sadly that is the exception rather than the rule).
“The main reasons these breaches happen are multifold. The primary reason is that the technology behind cryptocurrencies and DeFi are not mature and well-understood enough to be able to foresee some of these vulnerabilities. It takes time and experience to develop a threat model that will adequately cover all ways in which these technologies can be abused.
“It also doesn’t help that there is a current global shortage of cybersecurity professionals, with only a very small amount of those specialising in defensive crypto cybersecurity.”