Within a short two-year period, billions have already been stolen from just a handful of platforms. Casual crypto punters, beware!
In August last year, the DeFi site Poly Network lost more than US$600m to ‘ethical’ hackers, who later returned the stolen funds.
This March, the Ronin blockchain project—used to power the online game Axie Infinity’s non-fungible tokens—lost almost US$540m. Hackers had used stolen private keys to pull off the heist. Ronin users were unable to withdraw or deposit funds on the network, according to Singapore-based game studio Sky Mavis, which owns Axie Infinity.
This incident joins the list of the largest crypto heists on record.
The validator nodes of the Ronin bridge were hacked on Wednesday 23 March, but Sky Mavis said it did not discover the breach until almost one week later, on 29 March, according to Oded Vanunu, Head of Products Vulnerability, Check Point Software Technologies.
“Blockchain as a technology is decentralized by design, making it extremely difficult to exploit its core functionality. But businesses cannot afford to become complacent. A network as big as Ronin had only nine validators. We would usually expect many more. By compromising just five of them, attackers were able to orchestrate one of the largest crypto thefts to date by forging NFT transactions.”
Vanunu added that the inherent anonymity of blockchain technology represents a relatively low-risk and high-reward target for cybercriminals: “That’s why we’re seeing them double their efforts to exploit any and all vulnerabilities that exist within the blockchain ecosystem.”
According to one news report, some people lost their life savings playing Axie Infinity. The game is highly popular, with millions of players around the world dabbling with cryptocurrency and collecting the game’s non-fungible tokens (NFTs). In the Philippines, playing the game—which involves fighting cartoon pets called Axies to earn crypto—had become a full-time and potentially lucrative job… until now.