The money lost in scandals related to NFTs, DAOs or crypto since the beginning of 2021 is around $9.5 billion in the last year alone

For some, the so-called web3 is the most promising future for the Internet. It is a way of returning decision-making and participation to all users, with blockchain technology at its core. For its acolytes, NFTs are the first tangible case of its potential, with DAOs, all the options in the crypto world and dApps following in its wake.

But at least so far the so-called web3 or all that is intended to be included under its umbrella has given rise to some of the biggest scams ever seen in the online environment.

The latest of these major scandals has been the most significant in financial terms. Axie Infinity, a blockchain-based video game in which players compete against each other with NFT monsters, is one of the most popular play-to-earn (“play to win”) games in the world. Simply put, whoever wins the most, gets the most tokens, which can be exchanged for real money. The implications on the gaming world of this are huge and what it means to change from playing for fun to playing to win money.

It all seemed to be a money maker, until Sky Mavis, the Vietnam-based developer behind the game, ran into trouble.

It all started when Axie Infinity’s user base skyrocketed last year, and with it the value of its in-game cryptocurrency, the Smooth Love Potion (SLP), went into hyperinflation. This forced the developers to implement new measures in their monetary policy that decimated players’ earning potential.

But the worst came a few weeks ago, at the end of March, Axie Infinity suffered one of the world’s largest crypto thefts. A hack took $610 million of the company’s funds, dealing a blow to the game’s millions of players, many of whom treat gambling as a job.

The story behind the hack begins in April 2021, when Sky Mavis transitioned the game off the Ethereum blockchain and onto a self-developed splintered sidechain called Ronin. The migration was supposed to make it easier for players to join the game and trade assets, such as NFTs, making transactions faster and cheaper. And it worked for a while.

Soon after the change, the number of Axie Infinity players skyrocketed, peaking at 2.5 million daily active users by the end of 2021, up from about 38,000 in April. The price of its token also skyrocketed, with a 1,000% increase in the week following the game’s move to Ronin.

Its virtual currency (remember, SLP) is useless in the real world, but Axie Infinity players can convert the virtual token into Ether-the native cryptocurrency of the Ethereum blockchain-and then cash it out in fiat currency. That was, at least, until a hacker infiltrated the Ronin network on March 23 and stole the funds Axie Infinity uses to finance those token withdrawals.

The problem lay in the fact that the greater flexibility also gave greater insecurity. The Ronin network requires all transactions on its blockchain to be approved by five of nine “validators,” i.e., entities that sign off on any deposits or withdrawals on the network. This is very little compared to other blockchains: Ethereum’s main Ethereum blockchain has more than 300,000 validators.

Four of Ronin’s compromised validators were controlled by Sky Mavis, while the fifth was controlled by Axie’s DAO, the decentralized autonomous organization representing the gaming community. However, in November 2021, Axie’s DAO allowed Sky Mavis to approve transactions on its behalf to help the developer manage “an immense mass of users.” The deal ended a month later, but Sky Mavis forgot to revoke his permission to sign for Axie’s DAO.

That meant the hacker could easily gain control of the Ronin network by simply breaching Sky Mavis’ logins, and then approve transfers of approximately $620 million worth of cryptocurrencies to his own accounts, making it the most numerous theft to date.

Axie’s case is the most recent, but certainly not the only one because that whole mysterious world of the web3 is the perfect territory for new white-collar criminals.


Please enter your comment!
Please enter your name here