The creators of one of the most popular blockchain-based online games said on Tuesday that hackers were able to steal assets worth around $625 million from the gaming company and its players.
The theft immediately became one of the biggest in the history of the booming world of cryptocurrencies and decentralized online gaming, both of which have exploded in popularity in recent years.
Hackers have targeted Ronin, a blockchain service run by the owners of Axie Infinity, which is an online game that attracts around 2 million daily users and sees tens of millions of dollars in daily sales volume. Ronin said in a blog post on Tuesday that the hackers were able to essentially take over the network and send 173,600 ether, worth around $600 million, to an anonymous Ethereum wallet. The hackers were also able to withdraw around $25.5 million worth of US dollar coins, a digital currency pegged to the value of the US dollar.
Ethereum, like bitcoin, is a cryptocurrency based on blockchain technology, in which many computers contribute to a shared database that is not controlled by any single entity. Hacks of cryptocurrencies such as bitcoin and ethereum have surged in recent years as they have gained in value. They are different from traditional government-backed currencies such as the US dollar in that they are purely digital and all transactions are recorded on a decentralized computer ledger known as a blockchain.
Axie Infinity is an online game launched in 2018 in which people collect and create mythical creatures and then compete against other users. It uses non-fungible tokens to track ownership and reward users for playing. It is run by Sky Mavis, a Vietnam-based game developer that has attracted high profile investment of venture capital firm Andreessen Horowitz and Mark Cuban, owner of the Dallas Mavericks.
Sky Mavis did not immediately respond to a request for comment.
Jeffrey Zirlin, co-founder of Sky Mavis, said on Twitter: “This is where we show what we are made of. Chaos is a ladder.”
The Ronin hack is the latest in a series of high-profile crypto thefts, a relatively new and complicated category of crime that threatens one of the hottest sectors of the internet economy. Digital currency owners and law enforcement are still grappling with the scale of the threat, and last month the FBI spear a new crypto crime unit.
While major blockchains such as the one behind bitcoin have remained secure, tech companies are building services above or alongside them that don’t always have the same level of security or decentralization.
It is unclear who was behind the hack or if they will be able to liquidate any of the stolen assets, as Ethereum can easily be tracked when sent between digital wallets. In some recent flights, the pirates have agreed to return the assets in exchange for a percentage of the value of the assets.
Tom Robinson, chief scientist and co-founder of Elliptic, a London-based cryptocurrency compliance firm, said they track the theft funds as they move through transparent blockchain systems. The funds have ended up in at least two major exchanges so far, he said.
“It was a huge honeypot for hackers,” Robinson said of the Ronin Network.
Changpeng Zhao, CEO of Binance, one of the largest cryptocurrency exchanges, said on Twitter that his company is working with Axie Infinity to track the stolen funds.
The theft rivals a heist of around $600 million in cryptocurrency that another blockchain company, Poly Network, disclosed in August. A person claiming to be the hacker behind this attack said they did it “for fun” and almost half of the funds were returned in about a day.
Based on the value of funds at the time of the theft, the Poly hack is considered the biggest crypto heist of all time, with the Ronin hack second at $540 million, according to Elliptic. The value of some cryptocurrencies has increased since March 23, when the Ronin network said the hack began.
The hack affected users of the online game, who are now unable to withdraw or deposit funds on the Ronin service. The company said it is committed to making users whole and is working with law enforcement and forensic cryptographers.
“Sky Mavis is committed to ensuring that all drained funds are recovered or refunded,” the company said on Substack.
Axie Infinity has become one of the top NFT-based online games, with its digital tokens worth around $4 billion as of Tuesday afternoon, according to CoinMarketCap.comwhich tracks the value of cryptocurrencies and other digital assets.
Axie Infinity’s token is based on the Ethereum blockchain, which has become the go-to blockchain for many developers to build everything from games and virtual worlds to NFTs.
Robinson said the Ronin network was much more vulnerable to hackers than the original cryptocurrency bitcoin. That’s because the network only had nine “validators,” the digital equivalent of one link in a chain, while bitcoin has thousands.
And, he said, one person owned four of the validators, so it wasn’t that hard for hackers to gain control of the majority of the nine.
“There were only two entities they had to compromise to gain control,” Robinson said.
“The whole philosophy behind crypto is to be highly decentralized,” he added. “Some of these DeFi [decentralized finance] services compromise this for ease of use and become more centralized. They are the ones being attacked. »