After learning that hackers had made off with an eye-popping US$600mil (RM2.53bil) from a software system tied to their beloved Axie Infinity video game, players reacted with shock and disbelief – and for the most part, kept on playing.
In the Philippines and Vietnam, users took to Twitter and Facebook to air everything from complaints about cryptocurrencies frozen in their wallets to conspiracy theories.
“I feel sad this happened,” Axie player Joni Watanabe said on Twitter on March 30, the day after the hack was announced. He added an admonishment to Axie’s operator about using proper security protocols, joining a chorus of crypto gamers clamoring for an explanation of how this could happen – and demanding that it be fixed.
While players can still steer their blob-like Axie creatures around the game’s virtual world of Lunacia in search of Smooth Love Potion (SLP) and Axie (AXS) tokens, one crucial aspect is now missing: The ability to move some crypto earned in the game out of the virtual world and into other digital currencies or fiat, and vice versa. That’s because the hackers targeted software known as a “bridge”, penetrating its security protocols and making off with a huge haul of Ether as well as USDC stablecoins.
That software, called the Ronin Bridge, was designed to allow Axie Infinity users to swap their AXS and SLP into Ether or USDC, an intermediary step to converting them to cash. It’s attached to the Ronin Network, the blockchain Axie Infinity runs on.
Activity on the Ronin Bridge has been paused while its operators investigate the incident and try to plug any security holes, though access to AXS and SLP withdrawals via crypto exchange Binance came back online Saturday. Sky Mavis, Axie Infinity’s owner, says it plans to make whole those players who lost funds in the heist, but has yet to provide further details on how.
A recent exploit on the Wormhole bridge, which transfers tokens between Ethereum and Solana, was resolved when its sponsor Jump Trading replaced roughly US$300mil (RM1.26bil) in stolen Ether.
“The easiest way to look at this is like the bridge is the bank for the Ronin Network,” Aleksander Leonard Larsen, chief operating officer of Sky Mavis, said Thursday by text message. “The heist that happened took out all the ETH and USDC. So the ETH/USDC on Ronin Network is not currently backed by anything. But we are looking at other options.”
While Sky Mavis hasn’t said whether the hack has caused an exodus of players from Axie Infinity, blockchain data compiled by DappRadar as of early evening Friday New York time showed a roughly 34% plunge in the volume of trading on the Axie Marketplace in the previous 24 hours and a 24% drop during the prior seven days. However, that doesn’t necessarily mean game playing is down, because you can still play Axie Infinity without registering transactions on the blockchain, which is what DappRadar monitors, said Pedro Herrera, a senior data analyst at the firm.
Trapped money is a big deal in markets such as the Philippines and Vietnam, low-wage countries where gamers have come to rely on Axie Infinity to pad their incomes. In the Philippines, by far the largest market for Axie Infinity, its popularity has been such that the authorities last year saw fit to remind gamers that profits from playing are subject to tax, local media reported.
A Dec 10 post on Axie Infinity’s blog, “The Lunacian”, showed the number of daily active users had jumped to around 2.5 million, an increase of roughly one million from three months before. The Philippines accounts for about 40% of active players, according to two different third-party websites that track gaming usage.
The carbon footprint from mining Bitcoin and many other (though not all) digital currencies means crypto as a whole typically isn’t associated with the “E” in ESG – short for environmental, social and governance.
But proponents have argued that it easily meets the “S” in that it helps with cheap and instant cross-border transfers in developing countries, or in the case of Axie Infinity, offers the promise of financial gains to those in poverty.
With a large chunk of Axie Infinity players’ money locked in the virtual realm, that argument gets less convincing. Sky Mavis’s investors include billionaire Mark Cuban, Animoca Brands and Alexis Ohanian, the co-founder of Reddit.
“In terms of who gets harmed the most by this, it’s not the venture capitalists,” said Catherine Flick, associate professor in computing and social responsibility at De Montfort University in the UK. “Even a few days’ delay in refilling the bridge, that’s going to affect someone feeding their family or paying bills, and in much, much greater a way than having a bit of a blip on someone’s investment portfolio.”
As Axie Infinity grew more popular, the up-front cost of playing by buying a squad of its mini monsters rose too high for some new users to afford. This led to the creation of “scholarship” programmes, where Axie players can have their entry cost funded in exchange for providing these backers, known as guilds, with a chunk of their earnings.
What this effectively created was a form of payday lending within the game – and as long as the Ronin bridge remains offline, scholars aren’t able to repay their debts.
“It’s basically indentured labour,” said Flick, noting that Axie Infinity’s developers are still able to reap the benefits of player activity even if the users can’t cash out their earnings. “These games create this kind of two-tier system, further dividing the haves and have-nots.”
Discussions in Axie Infinity’s Discord group showed guild managers complaining that the hack might be a catalyst that causes scholars to lose trust in the game’s earnings potential, similarly affecting their ability to monetise the teams they run.
They lamented a lack of public assurances from Sky Mavis’s investors to date, noting that the delay to re-fund the Ronin bridge has now gone on longer than it took for VCs to step in during other previous high-profile bridge attacks.
Manh Hung, a 27-year-old from Ho Chi Minh City who’s been playing Axie Infinity for six months, said that because deposits and withdrawals via the Ronin network were suspended after the attack was revealed, he wasn’t able to add Ether or SLP from outside then.
With prices of Axie characters initially falling sharply after the hack announcement, that means he missed opportunity for bargains, Hung said in a Facebook message.
Prices of both SLP and AXS fell more than 10% after the hack news Tuesday before largely recovering by Saturday, according to data from CoinGecko. Hung, who would only give his first and middle names, said he’s joined several social-media communities for Axie Infinity players.
He said they’re rife with conspiracy theories, including that the hack was a “publicity stunt” by the game’s developer, or a convenient excuse to delay the launch of the new Axie Infinity: Origin game, as Axie on Thursday announced it would do.
Sky Mavis’s Larsen said the theft was the result of a “social engineering attack combined with a human error”, and that the company doesn’t suspect insider involvement. He told players on Friday that the firm’s “top priority” was to ensure the Ronin bridge was safe and secure before it would reopen for business.
Ronin said on Saturday that the ability to convert tokens into Ether remains closed for the moment, while an exact timeline for the bridge’s reopening is dependent on security audits and updates to the bridge.
Whatever is behind the Ronin Bridge shutdown, it doesn’t change Hung’s calculus.
“I still keep playing the game as normal,” he said, adding that he doesn’t plan to alter how he manages his wallets. “I hope the developer will improve the security of Ronin Network.” Others may not be so forbearing. – Bloomberg