More than 620 million dollars have disappeared in what could well be a double penetration porn movie, as the hackers involved synchronized their attacks to penetrate Ronin’s security and achieve the largest cryptocurrency theft in history (to date).
The theft was carried out through “Axie Infinity”, a very popular video game based on NFT and blockchain technology, through which the hackers managed to make two successful transactions: the first for 173,600 Ethereum and the second for 25,500 million USDC (a virtual currency with the value of the US dollar).
What is Axie Infinity?
We could very quickly define Axie Infinity as the “Pokémon” of NFTs, undoubtedly a viral phenomenon in the world of cryptocurrencies, created by the Vietnamese company Sky Mavis and operating on the Ronin platform. In this video game, players can collect, buy and create certain NFTs that are represented as digital pets, which have been called “axies”.
Its objective is quite simple: create synergy between your three digital pets to fight against those of other users in a competitive environment, in which at the end of a period of time you receive monetary rewards if you stay at the top of the rankings.
What is Ronin?
It is the network or blockchain created by Sky Mavis in February 2021 to solve a major problem: the high fees charged for transactions with ETH on the Ethereum network, which made it unfeasible to use them successfully in ‘Axie Infinity’.
Sky Mavis basically created a new blockchain that connected to the Ethereum blockchain through a bridge (a smart contract). This allowed tokens to be transferred between two different blockchains.
How did the hackers do it?
This is a slightly different case from what happened in the past with Poly Network (another crypto that was hacked some time ago): the theft did not happen because of a traditional vulnerability in the blockchain or in the smart contract.
In fact it was much simpler, because the hackers managed to double penetrate and take control of a majority of the nodes controlling the blockchain.
Those nodes approve or reject transactions made on the Ronin network. The problem is that Ronin had only 9 validators, so the hackers’ task was quite simple: they only had to take over 50% of them to validate transactions.
With perfect coordination, the hackers managed to do it in such a way that it could be classified as a double penetration movie not suitable for minors! They managed to gain full control of 5 nodes and thus allow the requested money to be released.
What are the consequences for Sky Mavis?
Predictably, after what happened on their platform, Ronin, Axie Infinity and the founding company are in free fall. Their value has been reduced considerably, not to mention the value of the game’s own NFTs and the number of users who have decided to abandon the project.
Despite the efforts that Sky Mavis is making on a daily basis, it seems that the situation is not going to improve in the near future. On the contrary, the outlook looks pretty dark, and we dare say that it is very likely that it will not recover from this despite the large rounds of funding in which it has been involved.
Could this hack have been avoided?
For a game like Axie Infinity, the developers could have done a little better with cross-bridge security, especially when cross-bridge platforms have been on the receiving end of some of the biggest cryptocurrency thefts of the past couple of years.
The security of these types of projects basically lies in “decentralization”, which ensures that power and security are not concentrated in the hands of a single entity. Apparently the Sky Mavis people forgot about it, thus causing the loss of so many millions of dollars and going down in history as the biggest cryptocurrency theft to date!
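To make the decentralization point concrete, here is an added example (not Sky Mavis or Ronin code) that audits a 5-of-9 validator set for concentration: it computes how few operating entities hold enough validators to meet the approval threshold. The operator layouts, function names and the `min_independent` policy value are assumptions made for illustration.

```python
from collections import Counter

THRESHOLD = 5  # approvals needed out of 9 validators, the figures given in the article

# Constructed operator layouts (validator id -> operating entity). Hypothetical
# sample data for illustration, not Ronin's documented key assignment.
CONCENTRATED = {"v1": "org-a", "v2": "org-a", "v3": "org-a", "v4": "org-a",
                "v5": "org-b", "v6": "org-c", "v7": "org-d", "v8": "org-e",
                "v9": "org-f"}
DISTRIBUTED = {f"v{i}": f"org-{i}" for i in range(1, 10)}

def withdrawal_approved(signers, validators, threshold=THRESHOLD):
    """True only if enough distinct, known validators approved."""
    distinct = set(signers) & set(validators)  # drops repeats and unknown ids
    return len(distinct) >= threshold

def min_operators_to_reach(validators, threshold=THRESHOLD):
    """Fewest operators whose validators together meet the threshold.

    Each validator has exactly one operator, so counting the largest
    holdings first gives the minimum. Returns None if unreachable.
    """
    held = 0
    holdings = Counter(validators.values()).most_common()
    for n, (_operator, nodes) in enumerate(holdings, start=1):
        held += nodes
        if held >= threshold:
            return n
    return None

def audit(validators, threshold=THRESHOLD, min_independent=3):
    """Report whether the threshold spans enough independent operators.

    min_independent is an assumed policy value, not a figure from the article.
    """
    needed = min_operators_to_reach(validators, threshold)
    ok = needed is not None and needed >= min_independent
    return {"operators_needed": needed, "passes": ok}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)):
        print(name, audit(layout))
```

With the same 5-of-9 threshold, the concentrated layout depends on only two entities while the distributed one depends on five, which is the gap a validator count alone does not reveal.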