The announcement came as a shock: Axie Infinity, the most popular play to earn game (“we play to win”) has been the subject of a hack that will remain in the annals for a long time: hackers managed to exploit a flaw in the Ronin blockchain, which is the basis of this game.
They thus managed, through two transactions, to embezzle 173,600 ETH , then 25.5 million USDC – a stable coin whose value is equal to the dollar.
In total, this represents the equivalent of $622 million.
Almost a week to detect the hack
Six days passed before Sky Mavis, the publisher of Axie Infinity revealed the pot of roses – the hack happened on March 23 but was not discovered until late. The alleged attacker(s) succeeded in hacking users’ private keys – a combination of 256 sequences of 0 and 1, a code deemed inviolable.
It would seem that the flaw even dates back to November 2021. At that time, due to a very large number of Axie Infinity users, Sky Mavis relied on a validator dubbed Axie DAO and authorized him to sign various transactions on his behalf.
However, this access, which was intended to be temporary, had not been completely revoked. It would also seem that the hackers used what is called “social engineering”, that is to say manage to coax a member of a company into talking about things that they is not supposed to be communicated.
A hack of historical value
Present at a conference organized in Los Angeles (NFTLA), the co-founder of Sky Mavis, Jeff Zitlin recognized that it was ” one of the most important hacks in history “.
It remains that it is the biggest hack in the history of cryptocurrency . The previous record hack dates back to the summer of 2021; it concerned the company Poly Network and the sum stolen had been 611 million dollars.
However, these had been returned by the hacker concerned and the performance had turned into a job offer as head of security.
Under fire from critics, the founders of Axie Infinity tried to save face. Jeff Zeitlin said there was an opportunity ” to identify the attackers and bring them to justice .” Aleksander Larser, another co-founder of Sky Mavis, certified that the accounts involved would be reimbursed for their losses.
And in fact, if the currencies of Axie Infinity, AXS and SLP suffered a relative fall of 7 and 5% respectively, they took on some color , suggesting that the event would have no major consequences on the future of Axie Infinity and Sky Mavis.