Hackers steal millions of dollars on Axie Infinity

    NFT Thefts and hackers

    Hackers stole more than $500 million from the networks of cryptocurrency network Ronin last month, in what is thought to be the second-largest cryptocurrency crime on record. For a hacker, Ronin was a tempting target. The Axie Infinity video game, which has an estimated 8 million players and has attracted analogies to action-driven gathering games like Pokémon Go, is supported by the blockchain initiative.

    Axie Infinity is a big topic with a lot of money at stake. Axies, which are unique digital assets, are purchased by NFTs, or non-fungible tokens, which are unique digital assets. The creatures may reproduce, fight, and even be traded for real money. As users recognized the opportunity to earn real money, the game has grown in popularity. One 22-year-old player from the Philippines is said to have used his money from the game to purchase two apartments in Manila in 2020. Another player claimed last year that he made more money from Axie Infinity and other online games than he did from his full-time work at Goldman Sachs.

    There’s a pattern here. According to Chainalysis, a company that provides blockchain data and analysis to banks, governments, and other companies, $3.2 billion in bitcoin was stolen from individuals and services in 2021. (According to Reuters, Ronin is also working with Chainalysis to track down the funds taken in the incident.) This sum is about six times what was taken in 2020. According to specialists at Chainalysis and other security businesses, more than $1 billion has been stolen so far this year.

    Vulnerabilities in smart contacts

    The high-profile hacking and large sums of money involved have sparked concerns about how vulnerable the blockchain, which has long been seen to be a secure location to hold assets, is to such attacks. According to several experts, the increase in cases of crypto theft is due to the fact that bitcoin is now more extensively used and understood than ever before.

    “You’re effectively putting a lot of money on the table, and it’s a very public table,” said Nicholas Christin, an associate professor of computer and network security at Carnegie Mellon University. It can be tempting for a hacker to pounce when significant sums of money are publicly moving around on these transparent networks.

    Experts say it’s crucial to distinguish between the blockchain and other programs that run on top of it in order to comprehend how these heists are possible. The blockchain is a distributed public ledger that facilitates peer-to-peer transactions. Bitcoin, Ethereum, and Solana are all constructed on top of this underlying layer.

    Smart contracts, which run on top of blockchains, form the second layer, which is commonly exploited. Smart contracts are code-based agreements that automatically execute when the contract’s terms are met. The most typical comparison is to a digital vending machine: choose a product, enter the appropriate amount of money, and your item will be immediately dispensed. These agreements are non-cancelable.

    Security burden levied on the victims

    It can be difficult for burglars to pay out crypto assets once they have been taken, especially if the crime is in the nine-figure area. As a result, money is frequently left in limbo for years, if not eternally. Due to the unpredictable nature of the crypto market, the value of the stolen assets may fluctuate during that period.

    According to the Chainalysis crypto crime study, criminals currently have at least $10 billion in cryptocurrencies, the great bulk of which was obtained through theft. Although these transactions and holdings can be traced because of blockchain openness, determining the identity of the perpetrator is difficult until the assets are paid out.

    The Bitfinex controversy can be used as a case study in attempted money laundering. “It took a long time for the money to move. Then, when they tried to start the laundering process, it was an opportunity for law enforcement to become involved again since people were paying attention to these hacks, “said Kim Grauer, Chainalysis’ director of research.

    There are few options for victims of the schemes to retrieve their assets. “It’s not that horrible for a bank if their security fails,” said Ethan Heilman, a cybersecurity specialist and co-founder of cloud provider BastionZero. However, if you’re a bitcoin exchange and someone drains all of your cryptocurrency, that’s terrible. The blockchain lacks the safeguards that banks have in place to protect their customers. If one’s credit card is stolen, insurance coverage normally assures that the money will be returned. Transactions on the blockchain, on the other hand, are irrevocable—there is no undo button.

    As a result, individual users bear a significant security responsibility in order to protect their assets. “End-users may not be aware of the security hazards they are exposing themselves to,” Christin stated. “To be honest, even people in the field don’t have time to look through the source code of a smart contract.” It’s easy to be a victim of a robbery if one entrusts their keys to an improper second-layer intermediary. Most people aren’t used to this kind of responsibility.

    Stay in the Loop

    Get the daily email from CryptoNews that makes reading the news actually enjoyable. Join our mailing list to stay in the loop to stay informed, for free.

    Latest stories

    You might also like...