The Bigger Problem With Axie Infinity
The vulnerability has to do with the structure of the game itself, which revolves around real money – non-fungible tokens (NFTs) – rather than your standard in-game currency. It’s what’s known as a “play-to-earn” model: Playing the game can actually make you money, if you play your cards right.
Rather than operating directly on the tried and true Ethereum network, Axie Infinity uses a custom-built sidechain called Ronin – essentially an Ethereum spin-off meant to reduce congestion on the main chain. In order to interact with applications built on Ronin, you’ll need to port your crypto over to the network using a specialized program called a “bridge.”
This was the site of last month’s exploit. Blockchain networks are notoriously difficult to mess with, in and of themselves – it’s when you’re moving money between networks that cracks start to form. An attacker managed to steal around $610 million from Poly Network last year by going after the bridge. And just two months ago, the decentralized finance (DeFi) platform Wormhole had its bridge hacked to the tune of $325 million.
In the case of Axie/Ronin, the company behind the network didn’t even notice the hack for about a week. Or if it did, it decided to take its time in formally announcing it: A blog post revealing the losses went up on March 29, six full days after the attacker made off with the funds.
“This is when we show what we're made of,” tweeted Axie co-founder Jeff Zirlin at the time. “Chaos is a ladder.” (The apparent “Game of Thrones” reference was not explained.)
This sort of dug-in flippancy has more or less been the mentality of the Axie Infinity team. The Ronin bridge remains down, which means Axie players can’t actually withdraw their crypto from the network, but top brass has apparently decided the show must go on. Sky Mavis, the company responsible for Axie Infinity, has said it plans to reimburse players for their lost funds. It also delayed the game’s next big upgrade, titled “Axie Infinity: Origin,” by a week.
But as Axie looks to retain its status as the single largest play-to-earn ecosystem on any blockchain, security issues may be the least of its worries.
Back in December, Zirlin described Axie Infinity’s play-to-earn mechanics as a kind of liberation for the world of online gaming.
“All we’ve done is we’ve added a system of property rights into games,” he told me, referencing the idea that players can actually “own” Axie NFTs on the blockchain. “So, in some ways, we’ve freed people. We’ve given them something that they should have had all along.”
In practice, though, Axie is a lesson in the dangers of play-to-earn.
–Will Gottsegen