Axie Infinity is a popular blockchain gaming platform which was involved in a large hacking incident resulting in the loss of $540 million in cryptocurrency. The platform is a non-fungible token-based online video game developed by Vietnamese studio Sky Mavis, known for its in-game economy utilizing Ethereum-based cryptocurrencies.
Axie Infinity Hack: What Happened?
According to a report by The Block, earlier this year, Axie Infinity was compromised by a North Korean APT group that siphoned the enormous amount of money in crypto assets through a job offer spear phishing attack. “Hackers duped a senior engineer at Axie Infinity into applying for a job at a fictitious company,” The Block’s Ryan Weeks wrote.
Apparently, the hackers obtained private keys associated with four validator nodes that belong to the Ronin Network which the platform runs on. The second node belongs to the so-called Axie DAO, a decentralized organization supporting the platform’s ecosystem, the report said.
What is a private key? A private key is similar to a password, and it secures the crypto wallet in a way similar to a PIN. Validating nodes, also known as validators, are computers that maintain a blockchain network and validate and process transactions.
One of the issues that enabled the Axie Infinity hack is the fact that Axie’s systems relied on a “relatively small number of validators”. More specifically, the Ronin network is only supported by nine validating nodes, and the hackers successfully got hold of five, thus obtaining the majority control over the network.
Furthermore, another issue is that all those validators were placed in one single location, meaning that they were not well distributed between independent organizations. In truth, the attackers only needed to compromise one organization to carry on with the hack. Using majority control, the hackers were able to write checks to themselves, stealing 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC) in all, or approximately $540 million in value.
NFT security is an increasingly concerning issue. In 2021 alone, North Korean hackers launched at least seven large-scale attacks against cryptocurrency platforms, making $400 million worth of digital assets.