What Diversion of Almost BRL 3 Billion Indicates About Cryptocurrency Security

Thousands — perhaps even millions — of people may have lost money in what is considered the second largest known crypto platform hack.

The Ronin Network, a major platform that powers the mobile game Axie Infinity, suffered a $615 million theft.

The young Englishman, Dan Rean, 20, is one of the victims. He told the BBC: “I lost 0.15 Ethereum, about $500. It’s bad, but I have friends who are worse off.”

Jack Kenny from Ireland is one of them. He said, “I’m losing about $10,000.”

“I don’t think people fully understand the significance of this hack — $600 million is a very large part of all the assets on this network.”

Another American says he lost $8,000, but believes there are people who may have lost “all their life savings” on Axie Infinity digital currencies.

In the game, players fight pets called Axies in exchange for cryptocurrency.

The game is extremely popular with millions of people around the world who hope to earn cryptocurrencies and collect the game’s non-fungible tokens (NFTs).

In the Philippines, where the game is very popular, there are those who play the game full-time — an activity that can yield good returns.

Ronin Network, which is owned by Vietnamese company Sky Mavis, allows players to exchange the digital currencies they earn on Axie Infinity for other cryptocurrencies such as Ethereum.

The company claims that a hacker transferred $540 million worth of cryptocurrency to himself six days ago, but the company only realized everything on Tuesday (29), when a customer was unable to withdraw his funds. . Since then, stolen stock has increased, with the value of cryptocurrencies amounting to around $615 million.

This is the latest in a series of cryptocurrency thefts that already total more than US$ 2 billion (R$ 10 billion).

The way in which the invasion took place serves as a warning about the dangers of cryptocurrency and decentralized finance.

Will customers get their money back?

Ronin Network says it is “working with law enforcement, forensic cryptographers and our investors to ensure all funds are recovered or refunded.”

Initially, the company made a statement in its newsletter and shut down its website. The platform also turned off comments on its social media.

The company later responded to the BBC’s requests for comment saying it was “committed” to refunding customers but would not provide a guarantee.

“I didn’t try customer service because I know it would be useless,” says Dan.

“I have to wait and see if and when this will be fixed. I hope I can get my Ethereum back. Crypto companies don’t work the same way as regular companies,” says Dan.

Ronin Network has not yet informed customers what is happening with their funds or if they will get their money back.

In most cases of bulk encryption hacks, customers are reimbursed in some way, but this can take months or years.

Cryptocurrency analyst David Canellis of Protos says direct communication with cryptocurrency companies is often problematic.

“When you’re dealing with entities that handle more than half a billion dollars, you expect a little more transparency in communication — especially when there’s a security lapse.”

how it all happened

Ronin Network says the hack started in November 2021, when the Axie Infinity user base grew to an unsustainable size.

The company said last year a huge influx of players caused “a huge user load”, which made it relax security procedures to deal with the increased demand.

The platform claims that it forgot to tighten security when the situation returned to normal in December, and that the hackers took advantage of the time to relax security.

Economist and author Frances Coppola says, “This is pretty typical of cryptocurrency companies.”

“We’ve seen so many hacks caused by, to be honest, carelessness and lack of concern for the security of people’s resources. Crypto companies are sometimes so eager to make a lot of money, or simply accommodate high demand, that they release poorly designed code. and tested, compromise security or rely too much on infrastructure.”

Why does this keep happening?

Experts say cryptocurrency is increasingly being seen as an easy target by hackers.

Cryptocurrency companies are “huge money chests for hackers,” says Tom Robinson of Elliptic.

“Crypto transactions are irreversible, so if a hacker manages to get hold of cryptocurrencies, it is very difficult for someone to recover them,” he says.

Robinson said the scam is also attractive because the payment is instantaneous, unlike cybercrimes like ransomware, where criminals have to do business with hacked companies.

It is unknown who is behind this latest hack, but it may not necessarily be cybercriminals who just want to make money for themselves. For example, government-sponsored hackers have been identified as the culprits for some cryptocurrency thefts.

According to cryptocurrency researchers at Chainalysis, North Korean hackers stole nearly $400 million worth of digital assets in at least seven attacks on cryptocurrency platforms in the past year.