Axie Infinity developer Sky Mavis today announced a massive breach of its Ronin cryptocurrency sidechain. An attacker used “hacked private keys” to break through Ronin’s validator network, Sky Mavis says, transferring 173,600 ETH (worth approximately $594 million at current rates) and $25.5 million in USDC stablecoin as part of one of the largest breaches in the history of cryptocurrency.
To understand the nature of that breach, let us take you on a crash course in the short history of Axie Infinity and the complex web of crypto standards and technologies that helped allow the exploit to happen.
So you can, like, make money by playing a game?
Axie Infinity has been cited as one of the early success stories in so-called blockchain gaming. Such games use decentralized protocols to track ownership of certain in-game items and generally lets players have some control over the resale of those items.
To play Axie Infinity, players need to purchase at least three NFTs of playable in-game Axies on the open market (or borrow them from owners). Playing with those Axies then earns players some Smooth Love Potions (SLP), which can power up Axies or be sold to other players as a commodity, creating a “play to earn” loop.
Last year, there was enough hype and money sloshing through this system that some players in the Philippines were able to make a decent local wage simply playing the game as their full-time job. But that early success helped attract more players who hoped to hop on to the play-to-earn train, which in turn flooded the market with SLPs.
With few new buyers coming in to purchase all those SLPs, the value of the potions (in dollars) has cratered roughly 80 percent since early November and a whopping 95 percent from its peak last May, according to CoinGecko. As the SLP’s value has cratered, so, too, has the number of daily active Axie Infinity players and the number of new players buying fresh Axies.
(For much more on how the Axie economy functions, and how it falls apart without new players who want to buy SLPs, read through this lengthy report from consultancy Naavik.)
The weak link in the (side)chain
While Axie Infinity originally ran directly on the ethereum blockchain, the high transaction costs and slow transaction speeds on that network quickly became untenable as the game grew. To get around those fees, Sky Mavis in 2020 started to use a sidechain—a parallel private blockchain running on top of ethereum that could bypass the need to pay ethereum “gas” for each and every transaction.
Sky Mavis initially partnered with Loom Networks for this sidechain functionality. Last May, though, the company broke that partnership and introduced its own sidechain called Ronin.
Unlike the distributed proof-of-work ethereum blockchain, the Ronin sidechain operates on a much more centralized proof-of-authority system. Rather than consulting the entire distributed blockchain network to confirm transactions, this proof-of-authority system runs its transactions through a small set of trusted, handpicked “validator” nodes. Each node stakes some of its reputation on validating each transaction, theoretically punishing lone actors that try to game the system.
Centralized exchanges like Binance and decentralized exchanges like Katana allow users a “bridge” to transfer their in-game assets back and forth between Ronin and the main ethereum blockchain. But because those transfers can happen more occasionally and at scale, the transaction costs end up much lower.
Ronin’s proof-of-authority system, centralized in just nine validator nodes, is the key to its ability to provide a higher volume of transactions at much lower cost than the sprawling ethereum network. It also ended up being Ronin’s weak point, in this case.
As Sky Mavis explains, the unknown attacker was able to breach Sky Mavis’ systems and gain full access to four validator nodes that the company controls. The attacker was then able to use a leftover backdoor in those nodes to gain control of another validator controlled by the decentralized Axie DAO.
With that fifth validator node, the attacker could then provide a majority of validation signatures on any transaction it wanted, leading to the fraudulent transfers.