We greet you this fine Wednesday morning with some schadenfreude: The people behind massive exploitative pay-to-earn job/game Axie Infinity have apparently seen their network hacked to the tune of $625M worth of crypto (ether and USDC) – potentially the biggest crypto hack of all time.
According to Ronin Network, the hacker(s) exploited a backdoor inadvertently opened by Vietnamese studio Sky Mavis last year, allowing them to seize control of enough validators to “forge fake withdrawals,” which they then proceeded to do.
Gizmodo notes a particular oddity here: Since crypto is traceable, investigators have been tracing a small portion of it move through “traditional” crypto exchange rather than a “mixer” service, meaning it could theoretically be frozen and blocked from cashing out into real money. The majority of the funds are still held by the attacker and haven’t yet been laundered.
Ronin says it’s “working directly with various government agencies to ensure the criminals get brought to justice” and has paused use of Ronin bridge – including withdrawals from the network – to “ensure no users’ funds are lost.” As of this morning, a Sky Mavis co-founder said its security personnel are in the middle of a “deep forensics review” and that the studio is “committed to ensuring that all of the drained funds are recovered or reimbursed.”
Gamers will recall that Axie Infinity is one of the most successful blockchain online games on the planet, having risen to financial prominence last year through a play-to-earn model that charges significant sums up front and takes advantage of desperate participants in small economies around the world.
Either way, the price of Ronin Network’s own token isn’t doing so hot.