Hackers Steal Crypto Worth $600M From Axie Infinity Business

Hackers stole cryptocurrency worth around $600 million from an online game in what is believed to be one of the biggest heists of its kind.

The game, Axie Infinity, has its own version of “blockchain”, the technology that powers Bitcoin, called Ronin.
A connection between the Ronin blockchain and other cryptocurrencies, known as the Ronin Bridge, was illicitly accessed by hackers last week.

The theft was only discovered when an Axie Infinity player attempted to withdraw their own cryptocurrency from the game but was unable to do so, prompting investigations.

Vietnam-based Axie Infinity developers Sky Mavis said hackers used a previously unknown backdoor in its systems to transfer Ronin tokens into the more widely used cryptocurrency Ethereum.

Aleksandr Leonard Larsen, co-founder of Axie Infinity, has pledged to reimburse customers. He said the theft was possible due to “a social engineering attack combined with human error beginning in December 2021”.

Social engineering is a cybersecurity term used to trick customer service personnel into granting access to a person’s online account.

Mr Leonard Larsen said: “We are committed to ensuring that any funds drained are recovered or refunded, and we are continuing conversations with our stakeholders to determine the best course of action.”

Sky Mavis reportedly raised $152 million in a funding round last October. Its backers include Andreesen Horowitz and US billionaire investor Mark Cuban, who participated in its $7.5 million Series A last summer.

Axie Infinity is a game based on non-fungible tokens (NFTs), digital collectibles whose ownership is recorded on a blockchain. Blockchain sales measurement firm DappRadar said in October 2021 that more than 615,000 merchants bought or sold Axie Infinity NFTs in 4.88 million transactions, at an average price of $420 per sale.

Private cryptographic keys were allegedly obtained by the hackers and used to pass through Ronin’s transaction validation systems, which should have stopped the theft.

Law enforcement would investigate the hack.

The stolen coins are now in a hacker-controlled online Ethereum wallet.

Typically, online criminals will try to launder stolen cryptocurrency by moving it into a network of smaller accounts as well as using “tumbler” services, similar to mixing stolen notes with legitimate currency.

Some $2.3 billion was stolen from so-called decentralized finance or DeFi platforms last year, nearly 1,400% more than in 2020, according to blockchain research firm Chainalysis.

DeFi is touted as a way to avoid the controls, restrictions, and fees of traditional financial institutions and to speed up transfers.
It’s also a feature that makes cryptocurrencies attractive to criminals looking for an easy way to move their ill-gotten gains out of the reach of law enforcement.