Digital thieves have just committed another major crypto heist. Motherboard has learned hackers stable 173,600 Ethereum (about $591.2 million) from the Ronin blockchain floating Axie Infinity, a popular earning game where players can receive crypto in exchange for playing and paying some initial fees. The perpetrators allegedly abused a back door in a Remote Procedure Call node of axie creator Sky Mavis to get a signature, allowing them to “fake recordings” using compromised private keys.
Sky blames the error on a holdover from the fall. The company asked for help from the Axie DAO (Decentralized Autonomous Organization) in November to handle free transactions and help deal with a “huge user load.” The move allowed Sky to sign transactions on behalf of the DAO until December, but access was not revoked after that.
The company has responded by “pausing” the Ronin Bridge to close off attack routes, and temporarily shut down the decentralized Katana plant. It hoped to minimize the short-term damage by raising the threshold required for validation, but also said it was in the midst of a node migration that would leave the old system behind. Sky plans to track down the stolen Ethereum with the help of Chainalysis and is contacting security teams at “major” crypto exchanges.
The theft exacerbates existing concerns for Sky. Motherboard notes Axie Infinity has suffered sharp falls for its NFTs and tokens in recent months, leading to reforms in an effort to keep the game afloat. An incident like this could easily make things worse by not only starving the game of much-needed funds, but also erode player confidence.
All products recommended by cafe-madrid have been selected by our editorial team, independent of our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may earn an affiliate commission.