Skip to main content

Crypto Heist: Hackers Steal Millions from Blockchain Bridge | April 2022

Published Date
Author Geoffrey A. Hirt

In one of the biggest cryptocurrency breaches to date, hackers stole more than $600 million in Ether and USDC tokens from Ronin, the blockchain network that supports Axie Infinity, an online video game. The blockchain-based game is a play-to-earn card game in which players purchase, trade, and play non-fungible tokens (NFTs) in the form of virtual creatures called Axies. Axies can sell for hundreds of thousands of dollars. 

What is cryptocurrency? 

As discussed in Chapter 15, cryptocurrency is an emerging form of digital payment powered by blockchain technology. Blockchain relies on a decentralized ledger that records transactions across multiple computers. Due to the way transactions are registered on the blockchain, it is incredibly difficult, if not impossible, to counterfeit cryptocurrency. It can, however, be stolen under the right circumstances.  

Like fiat money, cryptocurrencies are not readily convertible to a precious metal such as gold. Unlike traditional currencies, however, cryptocurrencies are not government-issued. Mainstream investors have embraced digital currencies with the sector being valued at more than $2.1 trillion. As the sector has become increasingly popular, heists have grown in both number and size. 

Inside the heist 

Axie Infinity, which has processed $3.6 billion on its marketplace with 2.8 million daily active users, uses a type of software known as a bridge to allow people to convert their tokens from one chain to another. Thousands of bridges exist, transferring hundreds of millions of dollars in cryptocurrency. During the breach, hackers attacked the blockchain bridge called Ronin.   

Critics say bridges have many security flaws. According to Bloomberg, it can be unclear who operates bridges, and their code is often not audited, making them vulnerable to hackers. In some cases, bridges have faced a crisis when the founder disappeared with the funds. In this particular case, the breach was undetected for six days, suggesting there are major problems with security. The hackers, whose identities are still unknown, attacked computers connected to Ronin’s network, gaining access to five of nine computers, and stole private keys (i.e., passwords). 

This heist highlights the importance of blockchain forensics which attempts to investigate, track, and understand the flow of cryptocurrency assets. Ronin enlisted the help of blockchain tracer Chainalysis, as well as law enforcement. According to a blockchain forensics firm called Elliptic, the stolen money was transferred to two crypto exchanges. Sky Mavis, the Vietnam-based company behind Axie Infinity, said it is committed to recovering the stolen funds. The company has since received investments to help reimburse users. The Ronin bridge will be reopened after security upgrades and audits are completed. 

In the Classroom 

This article can be used to discuss cryptocurrency (Chapter 15: Money and the Financial System). 

 Discussion Questions 

  1. What is cryptocurrency? 

  1. How is cryptocurrency similar to traditional currencies? How is it different? 

  1. In what ways is a blockchain bridge vulnerable to hackers? 

This article was developed with the support of Kelsey Reddick for and under the direction of O.C. Ferrell, Linda Ferrell, and Geoff Hirt.  

Sources 

Olga Kharif, "Hackers Steal About $600 Million in One of the Biggest Crypto Heists," Bloomberg, March 29, 2022, https://www.bloomberg.com/news/articles/2022-03-29/hackers-steal-590-million-from-ronin-in-latest-bridge-attack 

Richard Lawler, "After $600 Million Crypto Heist, Axie Infinity Team Raises $150 Million and Launches Another NFT Game," The Verge, April 7, 2022, https://www.theverge.com/2022/4/7/23013134/axie-infinity-ronin-network-crypto-theft-origin-launch  

Tom Wilson and Elizabeth Howcroft, "Explainer: Ronin’s $615 Million Crypto Heist," Reuters, March 30, 2022, https://www.reuters.com/technology/ronins-615-million-crypto-heist-2022-03-30/  

About the Author

Geoffrey A. Hirt of DePaul University previously taught at Texas Christian University and Illinois State University, where he was chairman of the Department of Finance and Law. At DePaul, he was chairman of the Finance Department from 1987 to 1997 and held the title of Mesirow Financial Fellow. He developed the MBA program in Hong Kong and served as director of international initiatives for the College of Business, supervising overseas programs in Hong Kong, Prague, and Bahrain, and was awarded the Spirit of St. Vincent DePaul award for his contributions to the university. Dr. Hirt directed the Chartered Financial Analysts (CFA) study program for the Investment Analysts Society of Chicago from 1987 to 2003. He has been a visiting professor at the University of Urbino in Italy, where he still maintains a relationship with the economics department. He received his Ph.D. in finance from the University of Illinois at Champaign-Urbana, his MBA at Miami University of Ohio, and his BA from Ohio Wesleyan University.

Profile Photo of Geoffrey A. Hirt
More Content by Geoffrey A. Hirt