Web3 blockchain games are now facing a new threat from big-ticket crypto hackers
Axie Infinity, a popular blockchain game, has experienced what could be the most significant security breach in the history of decentralized finance, also known as ‘DeFi.’
The incident highlights a growing problem for ‘web3,’ the umbrella term for digital services based on blockchain technology. Last week, hackers stole $615 million from the game’s Ronin Network, which said it is working with law enforcement to recover the funds and repay players, many of whom had to pay hundreds of dollars in advance to participate. It is also delaying the release of a similar earn-to-play game. The exact number of gamers who were affected is unknown.
This Ronin bridge hack is wild! Over $600m in #crypto drained 🤯
As we saw with the Wormhole exploit a few weeks ago, bridges are easy targets…
— Coin Bureau (guy.eth) (@coinbureau) March 29, 2022
A growing set of security vulnerabilities resulting from flaws in the design of web3 code is upending one of blockchain’s primary promises, enhanced security, and delaying the technology’s broad acceptance.
Last August, hackers stole more than $600 million from the Poly Network blockchain initiative. Then, in February, $320 million was stolen from a “bridge” that allowed consumers to transfer crypto assets between two prominent blockchain networks, Solana and Ethereum.
Poly Network was attacked by the alleged hacker draining roughly $600 million in crypto.
— Stox – The Portfolio Tracker for All (@getstox) August 10, 2021
The majority, if not all, of the funds were returned to the original holders in both cases. However, the billions locked up in DeFi, the numerous apps that are primarily managed autonomously, and in the slew of blockchain networks attempting to serve as an alternative to traditional financial systems, have become a tempting target for hackers. At the time of writing, the money stolen in the most recent theft had not been moved from the attackers’ wallets.
According to cryptocurrency security firm CertiK, the amount of money lost due to DeFi project hacking doubled in 2021. Between January 2020 and February 2022, there were 83 confirmed DeFi service breaches, according to a timeline on the security website CryptoSec.Info, with a total loss of $2.3 billion.
Those still eager to invest in web3: brace yourselves, for hacks will continue to come. The current hack should serve as a warning to venture capitalists about inherent security problems in blockchain services, particularly with crucial components like bridges, according to an investor in Sky Mavis, the creator of Axie Infinity.
One problem with Ronin was that it operated off-chain, running as a layer on top of the Ethereum blockchain to speed up transactions and reduce their cost. The disadvantage is that a second layer isn’t as secure as the blockchain. Ronin Network did not offer much detail about the mechanics of the hack in a blog post, but according to Dan Hughes, creator of the British DeFi firm Radix, the attackers may have taken advantage of a network rush to authenticate many transactions at once.
In other words, Ronin’s attackers may have been exploiting a flaw in the network’s procedures rather than a stray bug, highlighting some of the broader challenges of developing hack-safe blockchain-based programs. Many Ethereum app developers use Solidity, a programming language built for smart contracts, which are basic programs on a blockchain. However, Solidity is one of the most difficult programming languages to build with. Coders must carefully plan their moves and do not get several chances to get things right. Making a mistake doesn’t only result in a hiccup, as it can with a specific website or app. It could result in a security flaw, and because financial services account for such a massive percentage of web3 apps, that flaw could put large quantities of money at risk.
“Savvy hackers can sometimes take advantage of something as basic as a typo,” Hughes said in a Twitter Spaces conversation with Bloomberg Opinion last week. On Wednesday, he said that a coding error with smart contracts seems unlikely to be the reason for Ronin Network’s security vulnerability.
Nonetheless, the series of thefts should act as a wake-up call to potential investors and web3 companies to invest more in safeguarding their very sophisticated systems. According to Hughes, there is a prevalent “move quickly and break stuff” mentality in web3 development culture. When poorly built algorithms lead to financial disaster, this could become extremely harmful.
“The trouble with hacks is that there are hundreds of thousands of ways to get it right when building a safe system,” Hughes continues, alluding to a problem that concerns both web 2.0 and web 3.0. “Every time, you have to get it right. A hacker has to get it right once in their life.”