In one of the biggest cryptocurrency breaches to date, hackers stole more than $600 million in Ether and USDC tokens from Ronin, the blockchain network that supports Axie Infinity, an online video game. The blockchain-based game is a play-to-earn card game in which players purchase, trade, and play non-fungible tokens (NFTs) in the form of virtual creatures called Axies. Axies can sell for hundreds of thousands of dollars.
What is cryptocurrency?
As discussed in Chapter 15, cryptocurrency is an emerging form of digital payment powered by blockchain technology. Blockchain relies on a decentralized ledger that records transactions across multiple computers. Due to the way transactions are registered on the blockchain, it is incredibly difficult, if not impossible, to counterfeit cryptocurrency. It can, however, be stolen under the right circumstances.
Like fiat money, cryptocurrencies are not readily convertible to a precious metal such as gold. Unlike traditional currencies, however, cryptocurrencies are not government-issued. Mainstream investors have embraced digital currencies with the sector being valued at more than $2.1 trillion. As the sector has become increasingly popular, heists have grown in both number and size.
Inside the heist
Axie Infinity, which has processed $3.6 billion on its marketplace with 2.8 million daily active users, uses a type of software known as a bridge to allow people to convert their tokens from one chain to another. Thousands of bridges exist, transferring hundreds of millions of dollars in cryptocurrency. During the breach, hackers attacked the blockchain bridge called Ronin.
Critics say bridges have many security flaws. According to Bloomberg, it can be unclear who operates bridges, and their code is often not audited, making them vulnerable to hackers. In some cases, bridges have faced a crisis when the founder disappeared with the funds. In this particular case, the breach was undetected for six days, suggesting there are major problems with security. The hackers, whose identities are still unknown, attacked computers connected to Ronin’s network, gaining access to five of nine computers, and stole private keys (i.e., passwords).
This heist highlights the importance of blockchain forensics which attempts to investigate, track, and understand the flow of cryptocurrency assets. Ronin enlisted the help of blockchain tracer Chainalysis, as well as law enforcement. According to a blockchain forensics firm called Elliptic, the stolen money was transferred to two crypto exchanges. Sky Mavis, the Vietnam-based company behind Axie Infinity, said it is committed to recovering the stolen funds. The company has since received investments to help reimburse users. The Ronin bridge will be reopened after security upgrades and audits are completed.
In the Classroom
This article can be used to discuss cryptocurrency (Chapter 15: Money and the Financial System).
What is cryptocurrency?
How is cryptocurrency similar to traditional currencies? How is it different?
In what ways is a blockchain bridge vulnerable to hackers?
This article was developed with the support of Kelsey Reddick for and under the direction of O.C. Ferrell, Linda Ferrell, and Geoff Hirt.
Olga Kharif, "Hackers Steal About $600 Million in One of the Biggest Crypto Heists," Bloomberg, March 29, 2022, https://www.bloomberg.com/news/articles/2022-03-29/hackers-steal-590-million-from-ronin-in-latest-bridge-attack
Richard Lawler, "After $600 Million Crypto Heist, Axie Infinity Team Raises $150 Million and Launches Another NFT Game," The Verge, April 7, 2022, https://www.theverge.com/2022/4/7/23013134/axie-infinity-ronin-network-crypto-theft-origin-launch
Tom Wilson and Elizabeth Howcroft, "Explainer: Ronin’s $615 Million Crypto Heist," Reuters, March 30, 2022, https://www.reuters.com/technology/ronins-615-million-crypto-heist-2022-03-30/