Axie Infinity (AXS): Hack on sidechain Ronin makes $600 million in loot
Originally posted here.
By: guido
Overview
The popular blockchain game Axie Infinity (AXS) has to digest a critical security vulnerability: The equivalent of around 600 million US dollars was stolen through […]
The Post
The popular blockchain game Axie Infinity (AXS) has to digest a critical security vulnerability: The equivalent of around 600 million US dollars was stolen through a hack on the sidechain Ronin.
Shock at Axie Infinity (AXS): The official sidechain Ronin has raised the alarm and has to announce the hostile exploitation of a security vulnerability . According to the report, the incident happened as early as March 23, but was only discovered yesterday, Tuesday. 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC) have gone missing from Ronin, which is the equivalent of about $600 million in damages. Those who understand the technological background of the hack also understand why sidechains deserve limited trust in the crypto industry.
Axie Infinity itself is an ERC-20 token, so it resides in the Ethereum ecosystem. But high Ethereum transaction fees and lame speeds on the ETH blockchain have taken a toll on the fun of Axie Infinity. So Sky Davis, as the development studio behind Axie Infinity, came up with the gimmick of setting up a sidechain called Ronin. This went live in July 2021 and made it possible, among other things, to offer fee-free transactions in the game and extremely simplify trading with NFTs. Even its own decentralized crypto exchange called Katana found a place under Ronin and rounded out the ecosystem.
The idea of a sidechain like Ronin is simple: all the smaller transactions are confirmed there and then later bundled and overwritten into the higher-level blockchain, in this case Ethereum’s. In the case of Ronin, however, this also meant that only 9 network points are operated to validate transactions. The lean system is meant to save costs and guarantee speed. To write valid transactions, the signatures of five of the nine nodes were needed. Using one of these nodes, that of Axie DAO , the attackers managed to compromise four of Sky Davis’ network points and obtain the signatures. This secured the majority needed to withdraw coins from Ronin. They now reside on this wallet .
Sky Davis and Ronin promise close cooperation with investigative authorities for Axie Infinty, and major crypto exchanges such as Binance and Huobi have already made it clear they will put a stop to any payout of the loot. Whether affected users of Ronin can expect compensation, if any, has yet to be determined. In the meantime, DEX Katana has been switched off for the time being and the bridge that links Ethereum and USDC with Axie Infinity at Ronin has also been deactivated. In addition, signatures from eight of the nine nodes at Ronin will be required to unlock transactions in the future.
Conclusion: security risk sidechain – Axie Infinity and Ronin suffer serious incident
Only yesterday, the BNB Chain advertised itself with planned sidechains and we just pointed out the problems of sidechains. Limited decentralization is what has damaged the trust in Ronin and thus Axie Infinty. For victims of the hack, there is a good chance that either the loot will be seized sooner or later, or Sky Davis will agree to voluntary compensation to recover the loss of image. However, whenever sidechains take over important tasks for crypto projects, it is always worth taking a look at the details of the construct as a precaution.
Best place to buy Bitcoin :