Axie Infinity, one of the biggest success stories in the world of blockchain-based gaming, has become the victim of the largest decentralised finance (DeFi) hack in history.
The Pokémon-style NFT battler saw $615 million (£468m) stolen from its Ronin Network – the Ethereum sidechain created to run the game’s transactions – on March 23.
It took a user being unable to withdraw 5,000 ether (£12m) on March 29 for Ronin to realise that 173,600 ether (£448m) and 25.5 million USDC (£20m) had been withdrawn from its bridge.
A cross-chain bridge is a DeFi tool that allows crypto to be sent from one chain to another. Using the Ronin bridge, Axie Infinity players can deposit ether or USDC to purchase NFTs or the game’s native cryptocurrency.
According to a Ronin blog post: “The attacker used hacked private keys in order to forge fake withdrawals from Ronin’s nine validator nodes. In order to recognise a deposit or a withdrawal, five out of the nine validator signatures are needed. The attacker managed to get control over four Ronin validators and a third-party validator run by Axie DAO.”
Ronin designed its validator key scheme to be decentralised to enhance security, but the attacker exploited a backdoor through its gas-free RPC node to gain access to the Axie DAO validator.
Looking at the hacker’s address, only 6,250 ether has been removed to various centralised exchanges whilst the majority of the stolen funds remain sat in the wallet.
Whilst transactions on the Ronin Network are currently disabled, the hack once again reveals the security concerns surrounding cross-chain bridges.
Ethereum’s co-founder, Vitalik Buterin, believes their days in the crypto space are numbered due to “fundamental limits to the security of bridges that hop across multiple zones of sovereignty”.
In February, the Wormhole bridge suffered from a £235 million hack that was, until this Ronin attack, the second largest DeFi exploit ever.
Want to learn more about blockchain from industry leaders? Check out Blockchain Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
The post Axie Infinity network loses £468m in largest ever DeFi hack appeared first on The Block.