Axie Infinity ($AXIE.NFT) set the standard for what “play-to-earn” (P2E) games on the blockchain could look like — the multi-billion dollar ecosystem they’ve built includes thousands of NFTs, two ERC-20 tokens (which are collectively worth billions in market cap), and a community base rivaling even major blockchains. 💪
Unfortunately, the P2E giant missed the mark on one thing — security. The game was exploited for 173,600 Ethereum and $25.5 million USDC. The culprit? The bridge that helps money move between Ethereum and the game’s blockchain, a side-chain called Ronin. Perhaps even more embarrassingly, Axie Infinity didn’t even notice the hack for days. Oof.
Investors use bridges to move non-native assets onto new chains without needing to buy, sell, or swap assets on exchanges (e.g: to move Bitcoin onto Ethereum; to move $USDT from one chain to another.) 💡
However, bridges often custody assets which back the asset to be issued on another chain. Wormhole, a bridge which was hacked last month, was hacked for $326 million. If not for the generosity of a donor, any Wormhole-denominated assets which traveled across the bridge would have been uncollateralized (that implies a complete loss for people who moved assets across the bridge to other chains.)
That’s why bridges are a black swan for crypto. 🤷 Ethereum co-founder Vitalik Buterin even echoed concerns about the “security limits of bridges” and cross-chain applications. He said that it would be safer to “hold Ethereum-native assets on Ethereum … [and] Solana-native assets on Solana” than to send non-native assets across the bridge.
The Ronin exploit isn’t that different from Buterin’s warning. The only major difference is that the Ronin sidechain isn’t explicitly financial, unlike many other applications and bridges that have been hacked. Instead, Ronin is the chain which intermediates most transactions for Axie Infinity. Unfortunately, that means the game’s economy has been rugged. 😬
The hack is an unprecedented one, setting a new “high score” on the Rekt News leaderboard tracking hacks in the DeFi and crypto ecosystem. The cumulative losses were reported to be $624 million, which was $23 million greater than the previous front runner. 🤦
On the news, the Axie Infinity governance token $AXS.X took a -7.7% hit. The game’s in-game currency, Smooth Love Potion ($SLP.X), lost- 8.3%. In the grand scheme of things, those losses are not that big when compared to the damage done to users and the broader ecosystem. However, the Ronin hack might count as a striking loss of credibility for one of the blockchain’s sweetheart projects. 💔
They might be in luck, though. The alleged thief reportedly sent the money to major exchanges such as Binance and FTX, which means the stolen funds could stand to be returned. FTX CEO Sam Bankman-Fried even acknowledged that the exchange was investigating and would take action where appropriate, which might mean that the exchange could return funds to the exploited bridge.