Axie Infinity bailout: Binance leads $150M funding round to fix user losses
Axie Infinity publisher Sky Mavis has raised $150 million from the likes of Binance and Andreessen Horowitz (a16z) to replace some of the funds lost to hacker(s) earlier this month.
Sky Mavis said the raise, alongside cash on its balance sheet, would allow it to fully reimburse affected users.
Venture capital firms Paradigm, Dialectic, and Accel also joined the bailout.
The incident, which affected the Ronin token bridge, is the second-largest crypto exploit ever with 173,600 ETH ($578 million) and $25.5 million in USDC nicked.
The biggest to date is the Poly Network hack last August, which saw $611 million in crypto stolen but eventually returned.
“In order for the global ecosystem to continue thriving and maturing, it is imperative that we work together, especially when it comes to security, which is our strong suit,” said Binance chief exec Changpeng Zhao via Axie Infinity’s blog.
“We [Binance] strongly believe Sky Mavis will bring a lot of value and growth for the larger industry and we believe it’s necessary to support them as they work hard to resolve the recent incident.”
Sky Mavis to increase number of Ronin validators
Axie Infinity is a play-to-earn, NFT-centric game that touts around 3 million monthly users. Players battle and breed digital axolotls to potentially win lucrative rewards.
Axie Infinity can be a lucrative hobby. The characters (called Axies) can be sold on, so players work to improve their stats.
The game initially ran entirely on Ethereum. Sky Mavis launched Ronin, an Ethereum sidechain, last year as a means to alleviate network congestion and high fees that arose alongside Axie Infinity’s userbase.
Axie Infinity players could effectively transfer their Ethereum-bound cryptocurrency to the Ronin blockchain for use within the game.
- This was done by locking tokens inside an Ethereum smart contract, after which one would be credited with equally-valued “wrapped” tokens on Ronin.
- Users would receive their original tokens back upon withdrawal from Ronin.
- The hacker stole these original tokens, effectively leaving users out of pocket when it comes to actually using their cryptocurrency outside of Axie Infinity and the Ronin sidechain.
Sky Mavis says it only discovered the missing funds about a month after the theft occurred, when a player attempted to withdraw tokens from the Ronin blockchain to the Ethereum network.
But the attack, which Sky Mavis described as “socially engineered,” exploited Ronin’s centralized nature. There are only nine validators on Ronin; if five agree then those keys can approve any transactions they like — including withdrawals from the Ronin token bridge.
Sky Mavis controlled four private keys; the third-party entity Axie DAO had another. The hacker(s) compromised these five private keys to sign transactions that transferred the epic amount of crypto to an address under their control.
“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack,” wrote Sky Mavis.
“It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”
The firm plans to boost the number of validator nodes from nine to 21 over the next three months. Private keys will be split between Sky Mavis stakeholders “including partners, community members, and long-term allies.”
Axie Infinity loot is being laundered
Two similar incidents involving hacked token bridges have occurred since August. As previously mentioned, Poly Network managed to retrieve all the lost funds after negotiating with its hacker.
Solana-powered token bridge Wormhole wasn’t so lucky. Just like Sky Mavis’ bailout, Jump Crypto stepped in to plug Wormhole’s monstrous losses earlier this year — a move no doubt inspired by Jump’s sizable investment into the Solana ecosystem.
It seems the Ronin situation echoes Wormhole’s. According to blockchain analytics unit Elliptic, the perpetrator is attempting to launder the stolen crypto via a number of routes, including standard crypto exchanges.
“The stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized,” said Elliptic in a blog post.
Stablecoins like USDC are generally controlled by the issuers, the firm explained, who can in some instances freeze and claw back funds tied to illicit activity.
Read more: [Jump Crypto forced to save Solana with $320M bailout of its own company]
Afterward, the attacker moved to launder stolen Ether worth around $16 million across three crypto exchanges. PeckShield identified the exchanges as Huobi, Crypto.com, and FTX.
The attacker’s address also sent about 2,000 ETH ($6.5 million) to crypto mixer Tornado Cash earlier this week.
This still leaves more than half a billion dollars worth of crypto to be somehow laundered. It seems the hacker is moving gradually.
Sky Mavis says it’s working with law enforcement and major exchanges to help track the funds and potentially catch the culprit(s).
Looking for bite-sized news? We’re on Twitter.
Out now: the first four episodes of our ongoing investigative podcast series Innovated: Blockchain City.