The biggest crypto heist of 2022 so far sees the thieves get away with $615 million
Cryptocurrency projects are still the targets of hacker attacks, some of which are successful. The victim this time around was Sky Mavis, whose Axie Infinity game was the most popular NFT-based game of 2021, boasting token turnover in excess of $4 billion.
For its projects, Sky Mavis uses its proprietary Ronin blockchain, which is a sidechain of Ethereum. This network is specially designed for faster payments and lower commission. These advantages came at the price of security, with the protocol only using five out of nine validator nodes to confirm transactions. The hackers managed to crack the closed keys of four of these nodes, also gaining access to the signature of the third-party validator operated by Axie DAO.
As a consequence, the criminals managed to make off with 173,600 ETH and 25.5 million USDC, which is around $615 million at current prices. The theft took place on 23 March but only came to light on 29 March, when one user was unable to make a 5,000 ETH transaction through the Ronin bridge.
In a bid to prevent future breaches of funds, Sky Mavis has halted operations on its Ronin bridge, while the number of validators required to sign off on a transaction has been increased to eight. Due to the associated inability to arbitrage, the decentralised Katana platform was also disabled. The company assures its users that it is making every effort to get the stolen funds back and is cooperating fully with law enforcement to identify the criminal or criminals. It is also worth noting that the stolen funds have not moved since the original theft.
We cannot, therefore, rule out the possibility that a "white hat" hacker could be behind the break-in. These kinds of hackers typically wait for the company to find the vulnerability following the break-in and then return the stolen funds (occasionally keeping a little "tip" for themselves). This allows them to avoid criminal prosecution while simultaneously shedding light on chinks in companies' cyber armour and making a name for themselves in the process. For instance, last year saw Poly Network hacked by an unknown white hat who managed to steal around $600 million in various cryptocurrencies. The same hacker later returned all the unblocked funds, including a message for the company in the transaction.
However this particular story ends, a breach in one's defences is always bad for a company's image. As a result of the saga, the Ronin coin crashed 20%, while the AXS token is down 8%. The Sky Mavis team had previously expressed its hope that its sidechain would be used by third-party gaming platforms, but this now looks unlikely.
StormGain analytical group
(cryptocurrency trading, exchange and storage platform)