How did a hacker stole over $600 million from the crypto gaming blockchain?

Zoom / Artist Sky Mavis envisions tracking down the hackers behind the $600 million hack.

Axi Infinity Developed by Sky Mavis announced today Massive breach of cryptocurrency chain Ronin. The attacker used “cracked private keys” to hack Ronin’s verification network, Sky Mavis says, transferring 173,600 ETH (worth about $594 million at current rates) and $25.5 million In stable currency USDC As part of the biggest breach in cryptocurrency history.

To understand the nature of this violation, let us take you through a crash course in a short history Axi Infinity and the complex web of encryption standards and techniques that helped allow the exploitation to occur.

So you can, like, make money by playing a game?

Axi Infinity It was Cited as one of the early success stories The so-called blockchain games. These games use decentralized protocols for Track ownership of some in-game items It generally gives players some control over the resale of these items.

to play Axi InfinityPlayers need to purchase at least three NFTs from the playable game hubs in the open market (Or borrow it from the owners). Playing with these Axies players earn some Smooth Love Potions (SLP), which can either run Axies or sell them to other players. as a commoditywhich leads to the creation of a “play to earn” episode.

Last year, there was enough hype and money through this system Some players in the Philippines have managed to earn a decent local wage Just playing the game as a full time job. But this early success helped attract more gamers who were hoping to move onto the toy train, which in turn flooded the market with smart learning devices.

Could this be your new job?
Zoom / Could this be your new job?

With a few new buyers arriving to buy all of these SLPs, the value of the doses (in dollars) has fallen nearly 80 percent since early November and 95 percent from its peak last May, According to CoinGecko. Due to the deviation of the SLP value, this also happened Number of active people per day Axi Infinity players The number of new players who buy new Axies.

(For more information on how the Axie economy works, and how it is collapsing without new players wanting to buy SLPs, read This lengthy report is from Navik Consulting.)

The weak link in the chain (the side)

While Axi Infinity It was originally run directly on the Ethereum blockchain, and High transaction costs Slow transaction speeds on that network quickly became unacceptable as the game grew. To get around these fees, in 2020 Sky Mavis began using sidechain – a private parallel blockchain running on top of Ethereum that can bypass the need to pay Ethereum “gas” for each transaction.

Sky Mavis initially subscribed with blame networks for this side post. Last May, though, the company break that partnership and gave Its side chain is called ronin.

Image from Sky Mavis announcing the launch of the Ronin Side Series.
Zoom / Image from Sky Mavis announcing the launch of the Ronin Side Series.

Unlike the distributed Proof of Work ethereum blockchain, the Ronin side chain runs on a more centralized Proof of Authority system. Instead of consulting the entire distributed blockchain network to confirm transactions, this proof of authority system manages its transactions through it A small selection of trusted and handpicked “checker” nodes. Each node has some of its reputation for validating every transaction, in theory penalizing single actors who try to tamper with the system.

Central exchanges such as Binance and decentralized exchanges such as katana Allowing users to “bridge” their in-game assets back and forth between Ronin and the main ethereum blockchain. But because these transfers can happen more occasionally and on a large scale, transaction costs end up a lot.

Ronin’s Proof of Authority system, centered on just nine nodes of checkpoint, is key to its ability to deliver a greater volume of transactions. at a much lower cost From the sprawling network of Ethereum. It also ended up being Ronin’s weak point, in this case.

Like Sky Mavis explain, the unknown attacker managed to hack Sky Mavis systems and gain full access to four checkpoints controlled by the company. The attacker was then able to use a backdoor left on those nodes to gain control of another validator controlled by the decentralized axi daw.

With this fifth validator node, the attacker can then provide the majority of validation signatures on any transaction they want, leading to fraudulent transfers.

Leave a Reply

Your email address will not be published. Required fields are marked *