“These are the players that deposited their funds into the Ronin network, and who trusted us, and we failed to live up to that trust,” said Alexsander Larsen, chief operating officer of Sky Mavis, in an appearance Friday morning on CoinDesk TV show “First Mover.”
“When you’re going 100 miles per hour, sometimes it goes a little bit heavy around the bend,” Larsen said. “I think that’s what happened here. So, lesson learned, we’re taking full responsibility for this internally.”
Teams across the cryptocurrency industry are launching projects and platforms that, at inception, are relatively centralized. They often say they'll "progressively decentralize" as they build users and evolve their technology.
To accommodate more transactions, Sky Mavis moved from the decentralized Ethereum network to the cheaper, faster, but more centralized Ronin network – where only a handful of validators (overseen by Sky Mavis itself) were responsible for authenticating the network. It was connected to Ethereum by a “bridge,” or arrangement whereby tokens on one chain are tied up in a smart contract while proxies for them move freely on the other.
Larsen acknowledged Friday that his own team’s path towards "progressive decentralization" might not have gone far enough, quickly enough – leaving users vulnerable as a result.
"We're the team that pushed to go down this path of, you know, progressive decentralization and, and all those trade-offs made us vulnerable for this attack,” he said.
To prevent further exploits, Sky Mavis is adding more validators to Ronin. Previously, five out of nine validators were required to sign off on Ronin transactions; now the network requires 10 out of 11.
It took Sky Mavis six days to figure out the attack was happening. Now, Larsen said, the company is looking at a circuit breaker system, which will aim to monitor if too much money is being withdrawn from the Ronin network at one specific time. If that occurs, validators will shut down the bridge in order to verify the transaction.
Larsen said that the team is replacing the money stolen from the bridge and raising outside funds, noting that although the ethos of crypto is that the space is dangerous, “users shouldn’t lose their funds in a situation like this, it’s our responsibility.”
Parts of the Axie Infinity Treasury now are being collateralized, which means that if money from the hack is recovered, it will be placed back into the Axie Infinity treasury over time.
There are about 1.5 million players of the original Axie Infinity game, released two years ago. Axie Origin, a new game on the network, incorporated 300,000 testers, or unique players, on Thursday, giving them early access, Larsen said. The players came in without any token incentives or any way to play on mobile.
“I think this will be something the industry will grow from,” Larsen said of the hack, describing the experience as a “nightmare.”
“We have to face the music here, and that’s exactly what we did,” he said.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.