The News: The Ronin blockchain behind the popular play-to-earn NFT game Axie Infinity suffered a security breach and the $600+ million crypto hack may be the largest hack yet. Hackers made off with over $600 million in cryptocurrency — 173,600 ETH and 25.5M USDC. The COO of Axie and Ronin parent company, Sky Mavis, committed to recovering or reimbursing all lost funds. Read the full statement from Sky Mavis here.
$600+ Million Crypto Hack May Be the Largest Hack Yet
Analyst Take: The $600+ million crypto hack experienced by Ronin is a stark reminder of how much money is at stake on many newer and less-proven blockchains. Ronin is a wholly owned and managed blockchain by the company Sky Mavis. Its novelty and proprietary model means that the company lacks the battle-hardened security or track record of open-sourced blockchains like bitcoin and Ethereum.
Axie Infinity was launched in 2018 and the company began seeing meaningful daily usage in 2021. Concurrent with the increase in usage, parent company Sky Mavis built a new Ethereum sidechain called Ronin, and ported Axie to the new network. Later that same year, the company raised over $150 million at a $3 billion dollar valuation. That’s remarkable for a game that had fewer than 1 million daily monthly users as recently as February 2021.
At its peak in November 2021, the native cryptocurrency of Axie – AXS – had a market cap of almost $10 billion. Outside of the cryptocurrency world, that’s a valuation you’d normally associate with a late-stage startup or public company that has honed its security posture over years of customer usage and external audits. Axie’s value was secured by a blockchain only a few months old, which is an attractive target for hackers.
Sky Mavis Is Taking the Right Next Steps
Now that the hack has been detected and outflows of additional cryptocurrency halted, the real work begins for Sky Mavis. COO Aleksander Leonard Larsen took the right first steps in reassuring Axie players that they would be reimbursed.
The next steps will include working with law enforcement and cryptocurrency exchanges to track and freeze any ill-gotten gains. The beauty of public blockchains is that they’re public and immutable — the stolen tokens can be tracked anywhere they go. Startups like Chainalysis and TRM Labs on the other hand will have their work cut out for them to assist with the investigations.
Questions Remain on Security and Insurance and What this Means for the Industry Moving Forward
The Ronin blockchain is highly centralized, which is a key reason that hackers were able to pull off this hack. Decentralized models aren’t subject to the same risks, despite their other drawbacks. There are ways to secure private blockchains, but Sky Mavis hasn’t yet adequately detailed how they secure their network moving forward. Such reassurances will be critical to regaining consumer confidence.
As for reparations for its customer base, Sky Mavis is only making Axie Infinity players whole in hindsight. In the future, proactive steps like an insurance policy and third-party security testing will be needed to regain the trust of users.
Hacks of this magnitude, while well handled by the company, nonetheless and inevitably undermine confidence and it’s a very real reality that Sky Mavis may be forced to evolve its business model as a result. For the industry as a whole, it is only natural that questions about security and insurance remain and customers will be looking for reassurances on those fronts in the future.
My feeling is that this hack, while unfortunate, may in fact have a silver lining. The changes in the industry as a result of instances like this won’t just affect Sky Mavis, I believe they will serve to raise the bar for the whole industry.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Other insights from Futurum Research:
Image Credit: CryptoPotato
Jared is an Analyst in Residence at Futurum Research, where he helps guide our practice in all things Web3, the Metaverse, and cryptocurrencies so as to help business leaders understand how they work, why they matter, and how they can not only get involved, but become market leaders along the way.
Jared previously co-founded and served as President and Board Member of Triple Point Liquidity, a blockchain-based fintech startup serving alternative asset managers, their investors, and fund administrators. Prior to Triple Point, he held multiple roles at IBM including leading Digital Assets at IBM Blockchain, leading corporate development for Industry Platforms, and founding Watson Risk & Compliance.
Jared is author and podcast co-host at Fat Tailed Thoughts and serves as a trustee for The Williams School.
Jared holds an AB from Dartmouth College.