The popular video game Axie Infinity has been attacked by hackers, in one of the biggest crypto thefts to date. The hackers attacked what is known as the Ronin Bridge – software that enables NFT conversion between one blockchain network and another – and thus emptied it of cryptographic assets worth a total of more than $ 600 million. The hackers took more than 173,000 Ether tokens and more than 25 million USDC tokens in two transactions. The breach occurred on March 23, but was only discovered last Tuesday, almost a week later.
The game Axie Infinity operates on a “play to win” mechanism. Players are required to buy an NFT to enter the game, and each win entitles the player to additional NFT. Ronin, the software that was attacked, allows players to exchange the digital tokens they earn on Axie Infinity with other cryptocurrencies, such as Ethereum for example.
The attack comes after a series of recent hacking incidents on various blockchain platforms and bridge software, and illustrates their relative vulnerability to such attacks. A hack into the Bitmart platform in December resulted in a theft of nearly $ 200 million, while the summer before, a hacker broke into Poly Network, taking more than $ 600 million into his pocket, though he eventually returned the money. Last February, there was a hack into the Wormhole bridge software, where losses of more than $ 300 million were recorded, which were eventually returned by one of the software’s sponsors. Often, the code of the bridge software is not controlled and it is not clear who is running it and how, allowing hackers to exploit vulnerabilities. Still, the use of bridges is very common in blockchain networks, through which hundreds of millions of dollars worth of cryptocurrencies are transmitted.
Concerns about the vulnerability of the bridge software come amid heavier concerns in the crypto market, when it comes to securing decentralized financing protocols, or DeFi, that allow for the execution of financial transactions without third-party mediation, through smart contracts. About $ 2.3 billion was stolen from DeFi platforms in 2021, a jump of 1.330% from the previous year, according to data released by research firm Chainalysis on Wednesday.
Hacking into bridge software can threaten the entire ecosystem of distributed apps, called dapps, from games to loan services. Bridge software usually takes the user’s ether currency, and puts it into a smart contract. It will then issue the user an equal amount of so-called wrapped ether, which can be used in a non-etherium blockchain to invest in dapps. If the basic ether is stolen, the wrapped ether becomes worthless, effectively leaving dapps and users huge losses.
Ronin’s blog reported that they are in contact with major cryptographic exchanges and chainalysis, in order to track the course of the stolen funds, in addition to ongoing contact with law enforcement agencies. So far it is known that the stolen funds have reached two crypto exchanges, according to Elliptic, a forensic identification company in the field of blockchain.