Axie Infinity Hack: The King is Dead, Long Live the King!

In the kingdom of the blind, the one-eyed are kings – There are sometimes proverbs so accurate that they alone represent the situation. Axie Infinity, Fallen King of Winning Gamesblind to human error fell victim to a hack. 173,600 ether (ETH) and 25.5 million USDC, or more than $625 million currently, stolen. The daring hacker found a breach, a back door that he took.

Reminder of the facts: Axie Infinity victim of a crypto heist

The events took place on Tuesday March 29. Axie Infinity, the Grand Monarch of play to win hacked, siphoned, torpedoed! 173,600 ether and 25.5 million USDC have been stolen. How did the hacker do it? He managed to compromise the private keys of 5 validators by going through a validator who has not existed for several months and whose authorizations had not been revoked, by mistake. The stunned community does not, however, lose faith in Sky Mavis, queen mother of Axie Infinity and Ronin, the crypto exchange for the NFT blockchain game.

Very soon after the fact, the Ethereum sidechain was able to benefit from the support of Web 3 and cryptocurrency giants such as the CEO of BinanceChangpeng Zao aka CZ.

Etherscan screenshot of hacker’s wallet- Source: Ronin

Binance: the King’s Attorney

In these supports, Binance becomes the close guard of the King. Protector and investigator, like a hero, the emperor of cryptos declares the day after the hack that deposits, withdrawals and conversions on the Ronin network (the Ronin Bridge) are suspended.

>> A safe platform to buy your cryptos? Sign up on PrimeXBT (affiliate link) <

Added to this is the decision to block potential addresses of hackers and to dedicate a monitoring team to watch for any unusual transactions. Until the network is secure, Binance will not reopen the bridge. The restriction will therefore be permanent as long as the network is not stable and in good health.

CZ Tweet, Binance CEO
Our team is in contact with Axie Infinity to help them find a solution to this problem. CZ. Source: Twitter

But then, who is the hacker of Axie Infinity?

From the outset we can confirm that we will not be able to tell you today who is the hacker by Axie Infinity. But the blockchain allows us to have some clues about his actions after his attack on the kingdom of play to earn.

Indeed, observers have noticed that after the attack, the hacker used centralized exchanges to finance the address at the initiative of the attack. Thousands of ETH have thus been deposited on platforms such as Huobi, FTX and Crypto.com.

For the rest of our investigation, theuse by the hacker of a centralized exchange is interesting. Indeed, these crypto-exchanges use a KYC system, Know your customer. These identity verifications are controversial within the crypto community. Indeed, they go against the philosophy of Satoshi Nakamoto creator of Bitcoin. But in our story they appear as a solution to be able to find the hacker and, who knows, maybe recover the pirate’s loot.

A hacker, jester of the King?

So we know that the hacker tried to launder his funds and disperse them using centralized exchanges. Strange.

Indeed, logic would dictate that he used a decentralized wallet, ie on DeFi. Known for being less rigorous in terms of identity verification, operations would have been more discreet.

The co-founder of the company Elliptic, one of the gendarmes of Web 3 and knight of cryptos, Tom Robinson, develops this idea:

“It is unusual to see such direct flows of funds from flights to major exchanges (…) They may have bought accounts, or they could use an intermediary to launder on their behalf. »

Elliptic investigates

Elliptic is seeking $540 million in the first hours of its Ronin and DeFi investigation. Elliptic does not intend to answer all the questions the community has regarding this attack. However, their report reveals certain certainties.

The hacker started disperse the funds before Sky Mavis realizes the hack (the hack indeed took place 5 days before the date it was discovered).

The various remittances that the hacker has made are currently affecting three major crypto exchanges.

USDC, a stablecoin that can be frozen by regulation if involved in illicit activities, has been changed to Ether on a decentralized exchange this time around. By converting the tokens on the DEXs, the hacker avoided the KYC performed on the CEXs.

After this swap, this conversion, the hacker started laundering ETH through three centralized exchanges. At the time of Elliptic’s report, $16 million in ETH had already been laundered in this way. 524 million are therefore on other Ethereum accounts which, according to the report, would belong to the hacker.

Diagram of the crypto security company Elliptic which is investigating the Axie Infinity hack
Axie Infinity Hacker’s Supposed Accounts Schematic-Source: Elliptic

Axie Infinity: The Word of a King

The Axie Infinity hack is necessarily symbolic. This kind of event is never pleasant. In fact, it reminds us all that we are vulnerable in this ecosystem. The financial consequences for Ronin are terrible. They are already having a heavy impact on the development of the game, which is delaying the release of the new version of its NFT game by a week: Axie Infinite Origin.

“While the game is ready for a soft launch, we have decided to give the engineering and security team an additional window of time to thoroughly investigate all implications of the breach, before requesting their full attention to support the release of Origin. »

The Lunatian; Official Axie Infinity Diary

Sky Mavis has pledged to reimburse players who have lost funds. Indeed Aleksander Leonard Larsen, one of the thinking heads of Axie Infinity tweeted again yesterday:

Tweet from Alexander Leonard Larsen

“Our top priority is ensuring security and trust in Ronin. Once done, we will open Katana DEX and the bridge. We appreciate your patience as we execute our internal recovery plan which will ensure there are no lingering threats. »

Alexandre Leonard Larsen, Twitter

The Community: The True King of Axie Infinity

We must not forget one of the strong points of the King either: his united, patient and built community. Thus some autonomous guilds have been able to show their support for the blockchain gaming giant. Axie Infinity also confirms its wishes for the development of a free crypto-nation (Lunacia) and, in a rallying cry, gathers its topics for Thursday, April 7:

“To our dedicated Axie Infinity community: We are unwavering in our commitment to our mission. Thank you for your continued support and guidance as we discover together how to transform the world. Challenges like these are learning opportunities and only make us stronger. We’re confident the world will fall in love with Origin and the universe we’re building around Axie Infinity. »

New design of Axie Infinity Origin
Design of Axie Infinity Origin, the new version of Axie Infinity

Axie Infinity: a game won?

So, after a few days, the play to earn game seems to come out stronger from this hack. Sky Mavis wisely sees it as a learning experience, a lesson. The network is recovering quite quickly since we learned this very noon that Binance has restored operations on Ronin, partially of course, but the elements are gradually returning to order.

Tweet Binance
Deposits and withdrawals on Ronin Network are partially restored. Binance.” Source: Twitter

This historic Axie Infinity hack will continue to be talked about. It remains to be seen whether the various investigations carried out will be resolved. The Axie Infinity community, fighting
hope this situation will find a happy ending like for the hack of BZX with stolen money recovery. Same scenario for Multichain which was reimbursed by the big-hearted hacker. We can, however, point out a few lessons in this whole story: protect yourself and don’t put all your eggs in one basket, because in the manner of our king, you may well find yourself out of your pants. Do your research: don’t be blind.

Hacks are unfortunate hazards but not inevitable… Play it safe and register now now on the PrimeXBT platform. In addition, you benefit from a bonus of up to $7,000 on your first deposit thanks to our code 50DEPJDC (affiliate link, see conditions on the official site).

Leave a Comment