Recently, there was a big event in the Web 3 field that shocked the entire industry.
On March 29, Axie Infinity, the world's largest and most sought after blockchain game, was exposed to be hacked, resulting in the theft of 173,600 Ethereum and 25.5 million stablecoin USDCs. The direct damage caused by this hacking incident will be as high as about $625 million, setting a record for the largest attack ever recorded by decentralized financial (DeFi) systems.
It's worth noting that this isn't the first time a DeFi system has been attacked, with attacks and thefts on DeFi frequently over the past year. Just two months ago, another blockchain bridge, Wormhole, was just hit by an attack that lost more than $300 million. Last month, Axie Infinity just broke the record for $4 billion in NFT sales and won the throne of the world's largest NFT game, which is why industry speculation has made it a key target for hackers.
This huge attack led to a cliff in the price of Axe Infinity-related digital assets, of which the Ron token fell by 22% in a single day, AXS fell by about 9%, and once again put the security of the decentralized financial system on the table. Many people said that if the security of users' basic assets cannot be guaranteed, what NFT and chain games are just empty talk.
Image from Reddit, copyright belongs to the original author
For friends who don't pay much attention to Web 3 or blockchain games, they may still feel confused when they see this. What kind of game is Axie Infinity, why can a game be attacked so much damage, and how can hackers attack the decentralized financial system?
The blockchain version of Pokemon, a game that can help you make money
I believe that every game lover has a wish, can there be a game in the world, which is very fun and can help themselves make money. Previously, this kind of thing might have only happened to professional esports players who were single-minded, but Axie Infinity has opened up a whole new path for the average person.
Axie Infinity was born in 2018 and was founded by Vietnamese studio Sky Mavis. At that time, the Axie team thought that the games on the market require players to spend a lot of time and even money to play, the main function of the game is entertainment, that can create a game, can the player's energy and time into a realistic economic benefit. So based on Ethereum, they developed a game that blended classic gameplay such as Pokemon, Final Fantasy and Placed Raiders, Axie Infinity, and created a new game mode - Play to Earn.
Simply put, Axie Infinity is a digital pet world in which the protagonists of the game are various Axies similar to Pokemon, and players can either collect and train their own Axies to fight with other players' Axes, or raise and trade them as pets. After paying the starting fee, players can earn Ethereum-based in-game tokens by playing the game, and Axie Infinity allows them to cash in their tokens every fourteen days.
The game didn't get much attention when it was first launched in 2018, until the outbreak of the new crown epidemic at the end of 2019, Axie Infinity began to become rapidly popular in Southeast Asia, represented by the Philippines. The reason for the sudden popularity was also very simple, when many people were unemployed due to the sudden home quarantine, and they found that this game could really help them make money.
Because the income level in Southeast Asia is not developed, these Southeast Asian players play Axie Infinity day and night and find that their monthly income can reach $400, even exceeding the local average salary. Squatting at home is also squatting, so the elderly who are over 70 years old and the children as young as a few years old all start playing Axe. Interestingly, these players basically don't understand what blockchain is and what cryptocurrency is, they only know that these assets in the game can eventually be exchanged for real money.
However, there is also a threshold for playing Axe, and players must first spend money to buy at least 3 Axes on the Axe Market before they can start playing. At the beginning of 2019, 3 Axie players could buy it for only a few dollars, but by February 2020, the price of 3 Axie had risen to about $400.
In order to solve the high entry cost and encourage more players to participate, the Axie Infinity team designed a "scholarship program", through the form of a rental number, the account is lent to the player for free, and through the community training people how to make money through Axie Infinity, and finally the proceeds and the player 37 share (70% of the players). Soon, under the Scholarship Program, Axie Infinity's community grew rapidly, and these communities became an important driving force for Axie Infinty to go global.
Reports of Axie Infinity's fire in the Philippines were from the Internet
In June 2020, Sky Mavis entered Ubisoft's game incubator with this new "Play to earn" model and transcripts from Southeast Asia, and in November received its first $860,000 funding from U.S. cryptocurrency investment firm Delphi Digital. With delphi Digital, Axie Infinity further straightened out the game's economic system and ecosystem.
Complex and exquisite game design, to create a complete economic ecology
There are two main categories of assets in Axie Infinity, one is the NFT represented by the Axie Elves and the Lunacia Land, and the other is the in-game token represented by SLP and AXS.
Among them, the most core asset of the player in the game is the Axie Elves in the form of NFT. Similar to the Pokemon setting, these Axes are divided into different attributes, and currently include nine major categories: reptile, plant, night, water, flight, light, mechanical, insect, and beast.
Depending on the attributes, the body composition and skill cards of these Axes are also different, and these skills not only allow different Axes to exert different attack powers in the battle, but also bring non-homogeneity and scarcity to Axie, which directly leads to the difference in the market price of the Axe. According to the data on the official website of Axe infinity, the highest price of Axe has been sold for up to 300 Ethereum, about 8 million yuan.
Axie's kind, image from Delphi Digital
In addition, the land where the elves live has also been NFTed. The continent known as Lunacia is divided into a 301x301 grid, with each block representing a piece of land that players can buy, rent, and develop. The continent is currently divided into 5 grades: Savannah, Forest, Arctic, Mystery and Genesis, distributed from edge to center, and the supply of land parcels is getting higher and higher from more to less. After owning the land, the player can use it to raise elves and design and develop it independently, with a strong openness feature.
Last November, a piece of Genesis land was sold for 550 Ethereum (about $2.5 million), setting a new record for land sales at Axie Infinity.
In terms of tokens, there are two main types of tokens in the whole game – SLP and AXS. SLP (Smooth Love Potion) is a bonus token, players can get a certain amount of SLP rewards when using Axie for PVE (machine battle) or PVP (real battle), and the maximum number of SLP obtained per day is 75. AXS is a token dedicated to breeding and nurturing Axie, which can only be produced through monthly ranking rewards and land purchases, and only the highest ranked part of the player can receive AXS token rewards.
Players can use these tokens in-game to collect and cultivate more and stronger Axe, but they can also choose to sell the two tokens in the market for real money, and their prices will change in real time according to the market. Over the past year, AXS has seen a whopping 1035% increase.
Price action of AXS, image from Coingecko
Overall, there are several ways to make money on Axe infinity: one is to participate in battles through Axie and win awards on the leaderboards; the second is to cultivate Axes yourself and sell them on the market; the third is to collect and invest in rare Axe and land; and the fourth is to obtain income by reselling SLP and AXS in the market.
The founding team of Axie Infinity has said they want to introduce blockchain technology to the world in such an interesting way. Their ultimate vision is to turn Axie Infinity into an open-world game that integrates social networks, trading markets, battle spaces, pet breeding, and more, and they will give players the right to gradually produce content, allowing them to change from users to real owners, not only to control the props in the game, but also to determine the future of the game.
Axie's "Card" battle mode
"Axie Infinity becomes an ideal decentralized Web3.0 game when players participate in the game economy, create game content, and create more value for other players and developers." Jeff Zirlin, co-founder of Sky Mavis, said.
On top of such an entertaining and profitable model, Axie Infinity has also broken the circle quickly in the past year, and major players have quickly spread from Southeast Asia to all over the world, embarking on a path of development. In April 2021, Axie Infinity had only 38,000 daily active users, and by the end of 2021, it had approached 3 million monthly active users. In August 2021, Axie Infinity's monthly revenue reached $334 million, far exceeding Glory's $231 million revenue in the same period.
At the end of February this year, Axie Infinity's NFT historical sales exceeded $4 billion, becoming the world's first NFT game with sales of more than 4 billion.
How did the $625 million attack happen?
Now that we have a good understanding of what Axie Infinity is, let's return to this attack at the beginning of the article.
As mentioned earlier, Axie Infinity is a blockchain-based game, so both Axie's NFT and SLP and AXS assets actually exist on the chain. The attack was on the Ronin cross-chain bridge that connects Axie game assets and Ethereum.
Ronin is an Ethereum sidechain designed specifically for the Axie Infinity ecosystem by Sky Mavis, which allows users to send cryptocurrencies back and forth between Ethereum and Axie, designed to solve the role of the Ethereum network's high transaction fees and expand the capacity of NFT transactions, and is accompanied by the launch of the Ronin crypto wallet. Ronin is currently the most important infrastructure for Axie Infinity games, and all tradable assets in Axie Infinity games, including Axe elves, land, SLP, AXS, etc., are circulating on it.
Image from the Axie Infinity White Paper
For more efficient transactions, Ronin uses the PoA (Proof of Authority) consensus mechanism and uses fewer verification nodes (currently 9) for faster transfers. According to Ronin's design, if a deposit or withdrawal is required, five of the nine nodes need to be verified.
According to an announcement released yesterday by Sky Mavis, the attackers found a backdoor through Ronin's Gas-free RPC node, and through this backdoor managed to control Sky Mavis's four Ronin validators and a third-party validator run by Axie DAO, thus completing the extraction of a large number of assets. In fact, the attack occurred as early as March 23, but it was not until March 29 that some users said that they could not extract 5,000 Ethereums before they found that the assets had been stolen.
Currently, Sky Mavis has raised the threshold for Ronin's validators from 5 to 8, further decentralizing and increasing the total number of validators. The stolen assets are partly the assets of the players and the other part is the official reserve assets of Axe Infinity. For the loss of users, Sky Mavis said today that while the stolen assets are difficult to recover, Axe will do its best to compensate users, possibly by selling tokens to these users at a discounted price or withdrawing funds from the Axie community "vault" with $1.6 billion in assets to repay them.
In fact, in the past year or two, thefts on decentralized financial networks have been frequent. So far, the total losses of the various attacks on Defi have reached billions of dollars, and most of the reasons for the theft are due to smart contract vulnerabilities or hacking of private keys. And because once digital assets are stolen, donated, and traded, they are difficult to recover, often leaving users who have suffered losses with no way to seek.
The image is from Bloomberg and the copyright belongs to the original author
Since most of the current blockchain gamers are not experts in the field of encryption, but just to play games and make money, their security awareness is not strong, and the security verification settings are not complete. Previously, there have been many Axie Infinity players whose SLP, AXS have been transferred by others, Axie elves have been given away without permission, and their game assets have been transferred and immediately placed on the market for trading.
"Although non-blockchain games cannot help people make money, they are currently much higher than decentralized games in terms of security, even if the game number is stolen and the assets are hacked, they can also be retrieved through the customer service and technical support of the game company." If blockchain games want to go to the public in the future, the first thing that may be solved is the security problem and trust problem. A game enthusiast told silicon starmen.