Sky Mavis to Bear ‘Full Responsibility’ for Axie Infinity’s $625 Million Ronin Hack
A top official at the company behind the play-to-earn game Axie Infinity apologized for security breaches that cost users $625 million in what was potentially the biggest DeFi hack in history.
Axie Infinity Builder Accepts Responsibility for $625M Ronin Hack
On Friday, a senior executive at the firm behind the play-to-earn game Axie Infinity apologized for security breaches that cost users $625 million in what may have been the most significant DeFi breach in history.
“These are the players that deposited their funds into the Ronin network and who trusted us, and we failed to live up to that trust,” said Alexsander Larsen, chief operating officer of Sky Mavis.
Across the crypto industry, multiple teams are launching projects and platforms that are somewhat centralized in their inception. As their user base grows and their technology improves, they frequently state that they plan to “progressively decentralize.”
More transactions necessitated that Sky Mavis switch from the decentralized Ethereum blockchain to the more centrally-managed Ronin network, where only a few validators (supervised by Sky Mavis itself) were responsible for verifying the network. It was linked to Ethereum via a “bridge,” or arrangement in which tokens on one chain are locked in a smart contract, but proxies for them circulate freely on the other.
Larsen admitted on Friday that the “progressive decentralization” strategy used by his team may not have gone far enough, quickly enough, leaving users defenseless as a result.
“When you’re going 100 miles per hour, sometimes it goes a little bit heavy around the bend,” Larsen said. “I think that’s what happened here. So, lesson learned, we’re taking full responsibility for this internally.”
“We’re the team that pushed to go down this path of, you know, progressive decentralization, and all those trade-offs made us vulnerable for this attack,” he added.
Sky Mavis to Tighten Security Over Ronin Network
In order to prevent future breaches, Sky Mavis is increasing the number of Ronin validators. In the past, Ronin transactions needed to be approved by five of nine validators; currently, the network calls for 10 of 11.
It took Sky Mavis six days to realize that the attack was taking place. Now, Larsen said, the firm is considering a circuit breaker solution that will detect if too much money is being pulled from the Ronin network at one time. If it happens, the bridge will be locked down in order to confirm the transaction.
“Users shouldn’t lose their funds in a situation like this; it’s our responsibility,” Larsen said, adding that the team is replenishing the money stolen from the bridge and gathering external funds.
Axie Infinity’s treasury has been collateralized, which implies that if money is recovered from the hack, it will be returned over time to the treasury.
Two years after its release, Axie Infinity now has 1.5 million participants. New game Axie Origin has added 300,000 testers or unique gamers to the network on Thursday, according to Larsen, providing them early access, he said. The participants arrived without token incentives or a means of playing on mobile.
“I believe this will be a learning experience for the industry,” Larsen said of the hack, describing the encounter as “nightmarish.”
“We have to face the music here, and that’s exactly what we did,” he said.