Axie Infinity Builder Takes ‘Full Responsibility’ for $625M Ronin Hack, Exec Says

“These are the players who trusted us, and we failed to live up to that trust,” Sky Mavis co-founder Alexsander Larsen said on CoinDesk TV Friday.

AccessTimeIconApr 8, 2022 at 4:23 p.m. UTC
Updated Apr 8, 2022 at 4:29 p.m. UTC

Fran is a writer and reporter at CoinDesk. He owns no crypto holdings.

A top executive at the company behind play-to-earn game Axie Infinity apologized for security lapses that cost users $625 million in what may have been the biggest DeFi hack ever.

“These are the players that deposited their funds into the Ronin network, and who trusted us, and we failed to live up to that trust,” said Alexsander Larsen, chief operating officer of Sky Mavis, in an appearance Friday morning on CoinDesk TV show “First Mover.”

“When you’re going 100 miles per hour, sometimes it goes a little bit heavy around the bend,” Larsen said. “I think that’s what happened here. So, lesson learned, we’re taking full responsibility for this internally.”

Teams across the cryptocurrency industry are launching projects and platforms that, at inception, are relatively centralized. They often say they'll "progressively decentralize" as they build users and evolve their technology.

To accommodate more transactions, Sky Mavis moved from the decentralized Ethereum network to the cheaper, faster, but more centralized Ronin network – where only a handful of validators (overseen by Sky Mavis itself) were responsible for authenticating the network. It was connected to Ethereum by a “bridge,” or arrangement whereby tokens on one chain are tied up in a smart contract while proxies for them move freely on the other.

Larsen acknowledged Friday that his own team’s path towards "progressive decentralization" might not have gone far enough, quickly enough – leaving users vulnerable as a result.

"We're the team that pushed to go down this path of, you know, progressive decentralization and, and all those trade-offs made us vulnerable for this attack,” he said.

Preventive measures

To prevent further exploits, Sky Mavis is adding more validators to Ronin. Previously, five out of nine validators were required to sign off on Ronin transactions; now the network requires 10 out of 11.

It took Sky Mavis six days to figure out the attack was happening. Now, Larsen said, the company is looking at a circuit breaker system, which will aim to monitor if too much money is being withdrawn from the Ronin network at one specific time. If that occurs, validators will shut down the bridge in order to verify the transaction.

Larsen said that the team is replacing the money stolen from the bridge and raising outside funds, noting that although the ethos of crypto is that the space is dangerous, “users shouldn’t lose their funds in a situation like this, it’s our responsibility.”

Parts of the Axie Infinity Treasury now are being collateralized, which means that if money from the hack is recovered, it will be placed back into the Axie Infinity treasury over time.

There are about 1.5 million players of the original Axie Infinity game, released two years ago. Axie Origin, a new game on the network, incorporated 300,000 testers, or unique players, on Thursday, giving them early access, Larsen said. The players came in without any token incentives or any way to play on mobile.

“I think this will be something the industry will grow from,” Larsen said of the hack, describing the experience as a “nightmare.”

“We have to face the music here, and that’s exactly what we did,” he said.


Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Fran is a writer and reporter at CoinDesk. He owns no crypto holdings.

CoinDesk - Unknown

Fran is a writer and reporter at CoinDesk. He owns no crypto holdings.