Last week, Sky Mavis, the Vietnam-based company behind crypto game Axie Infinity, revealed that a hacker stole hundreds of millions of dollars worth of crypto from its blockchain. Sky Mavis realized it had been compromised when a user was unable to withdraw six days after the breach, and the company froze transactions on its compromised Ronin Network Bridge.
Now, Sky Mavis has announced that it has received $150 million in investments that “will be used to ensure all users affected by the Ronin Validator hack are compensated.” Almost at the same time, it launches a new version of the game, Axie Infinity: Origin. According to Trung Nguyen, CEO of Sky Mavis, “We made a conscious decision as a team to focus on what lies ahead.”
Other crypto companies working with Axie Infinity and Sky Mavis — and having huge sums tied up in Web3 and NFTs — top the list of names who have bought in to save Sky Mavis rather than potentially see it collapse. The list includes crypto exchange Binance, Web3-promoting venture capital firm A16z, and Animoca Brands, which owns The Sandbox, among others.
Now Sky Mavis says it plans to reopen the Ronin Network Bridge after it has undergone a security upgrade and audits to try to determine if there are other vulnerabilities. Binance (which just invested in the game) has reopened transactions with the network, and according to the exchange, that means “all individual users can withdraw their funds.”
The Sky Mavis team say the March 23 heist (which again went unnoticed until March 29, when a user tried to withdraw funds but was unable) was “socially manipulated” by exploiting compromise vulnerabilities , which have been received in an attempt to achieve mainstream acceptance. While they remain committed to healing players with their own funds combined with the investments, the 56,000 Ether stolen from the Axie Infinity DAO treasury will remain “undercollateralized” while the company and law enforcement seek to get the crypto back. Their plan is to wait two years and then let the DAO vote on what to do next.
As for the stolen funds, about 168,000 Ether (worth over $540 million as of this writing) remain in the wallet where the thief or thieves left them. Attempting to launder a load of this size is a problem as anyone can see the transactions made on the blockchain. As we detailed in 2013, while crypto mixers or tumblers can help obfuscate the source of the funds, law enforcement agencies focus even more carefully on them, and laundering such a massive sum could take a long time.
A Wall Street Journal report quotes the CEO of bug bounty platform Immunefi as saying it could take years to move that much money through a tumbler. Industry watchers like Peckshield continue to post real-time notifications as small fractions of the stolen cryptos are moved from the thief’s account to other wallets and into mixers like Tornado Cash.
Nguyen says the Ronin Network will increase the number of validating nodes on its Proof-of-Stake blockchain network from five to 21 over the next three months to increase security. Fewer nodes to verify transactions make things faster and more efficient. Still, it can pose a security risk if someone compromises enough of them – in this case, the attacker took over five of the nine nodes and was able to withdraw all the funds they wanted.
4/ We thank everyone in the community for their patience while we rebuilt the battle system from scratch to be more fun, beautiful and immersive. This is a huge step for the Axie Infinity ecosystem and it has taken the support of every community member out there to make it happen. pic.twitter.com/gAMTe4qkxD
— Axie Infinity (@AxieInfinity) April 7, 2022
Before the hack occurred, Axie Infinity was already suffering from a 45 percent drop in daily active users, as reported by Bloomberg, and in-game issues that led to operators slashing the amount of SLP tokens players could PVE each day game (The appeal of the game is that you can play to make money from NFT characters you’ve purchased access to) in half, “considering the long-term health of the ecosystem.”
Despite the theft, the company has just released an early access alpha version of its next game, Axie Infinity: Origin (another planned spin-off, Land, will invite players to play the hilarious role of “land barons” This new “ecosystem experience” aims to be more welcoming to a global audience (Axie Infinity claims over 2.2 million monthly active players, and a player tracker says about 40 percent are in the Philippines, where many rely on it as a full-time job), with “all-new interfaces, gameplay mechanics, art, special effects, storylines, and an immersive onboarding experience”.
Most importantly, unlike the base game, players start with three free “axes” to fight with. While their free axes don’t allow participation in the “Earn” portion of Play for Earn, the idea is that it’s a way for people to try out the game without buying an NFT character or renting one from a manager player having to rent the access against a reduction in income. The announcement states, “Finally, new players can learn the game and fall in love with the universe before they have to touch crypto and NFTs!”
The developers say the current Battles v2 (Classic) version of the game will remain live until they complete testing, then discard the old version and move token rewards to Origins, removing the valuable incentive to play the older game , omitted. All players tricked into creating a Ronin wallet and funding it with cryptocurrency to buy Axies can rest easy knowing that users will be compensated after the big heist, but that’s enough to make anyone feel confident that it won’t happen again?