Loading...

Ronin hack: Axie Infinity COO promises reimbursements

Ronin hack: Axie Infinity COO promises reimbursements
1 Apr, 2022
Loading...

Earlier this week, one of the biggest cryptocurrency hacks till date was reported on Ronin, the underlying blockchain of the play-to-win blockchain-based game, Axie Infinity. Hackers reportedly conducted a “social engineering” attack on Ronin, an Ethereum side-chain, compromising five of the blockchain’s validator nodes to steal cryptocurrency worth $625 million in Ether (ETH) and USDC tokens. Now, the chief operating officer (COO) of Axie Infinity’s parent firm, Sky Mavis, has promised “reimbursements” to all players who lost their tokens.

In a thread explaining actions taken by Sky Mavis subsequent to the hack, Aleksander Leonard Larson said, “We are committed to ensuring that all of the drained funds are recovered or reimbursed, and we are continuing conversations with our stakeholders to determine the best course of action.”

The executive also stated that the company is working with “key cyber security personnel”, including cryptocurrency tracking platform Chainalysis, to track down the movements of the funds that were stolen from the platform.

Loading...

The hack was reportedly conducted by compromising multiple validator nodes on the Ronin side-chain, following which the hackers used stolen private crypto wallet keys to make fake withdrawals from the platform – amounting to 173,600 ETH and 21.5 million USDC tokens, cumulatively worth $625 million.

A side-chain, which is what Ronin is, uses its own consensus protocol to validate transactions of its own tokens – but is based on a primary blockchain. In this case, the latter was Ethereum. A consensus protocol on a blockchain network is a way for transactions to be validated on it, which in turn keeps all transactions on the blockchain transparent and traceable. Typically, any side-chain based on a primary blockchain serves a specific purpose – in this case, Ronin sought to reduce the ‘gas fees’ or transaction fees associated with making transactions on Ethereum.

The consensus protocol of the blockchain network uses validator nodes, where multiple such nodes are required to validate a transaction before it is executed on the network. Typically, a higher number of validation nodes may make transactions slower on a blockchain, but could also make them safer. Subsequent to the hack, Larson has stated that the number of validation nodes required on Ronin to authenticate a transaction has been increased from five to eight – in order to prevent the hacker in question from replicating the same exploit.

Loading...

Experts have now weighed in on the matter to state that it might be difficult for hackers to move funds or cash in on them due to the factor of traceability in cryptocurrency transactions. Kim Grauer, director of research at Chainalysis, told Blockworks that while fiat funds, or centralised currencies such as the dollar or rupee, could be laundered through obscure bank accounts or other channels subsequent to a heist, the same does not hold true for cryptocurrencies.

“With the inherent transparency of blockchains and the eyes of an entire industry on them, it’s difficult for any cryptocurrency hacker to escape with a large cache of stolen funds. In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet,” Grauer said.

The assessment is in line with Chainalysis’ own Crypto Crimes 2022 report, which stated that a large section of crypto criminals are gradually turning into crypto ‘whales’ – a term used for private crypto wallets with holdings of more than $1 million in crypto tokens.

Loading...

Law enforcement agencies have also been recovering large amounts of stolen funds in the cryptocurrency space. In December 2021, the US Department of Justice (DoJ) announced that American federal agents successfully recovered funds worth $154 million, after the same was stolen by an individual inside Japanese technology company Sony Corp and converted to Bitcoin.

In February 2022, the DoJ also said that law enforcement officials had recovered over $3.6 billion in cryptocurrency linked to the hack of Bitfinex, a crypto trading platform.