The Axie Infinity ecosystem suffered a security breach last week, with more than $600 million worth of crypto funds stolen.
Now the developers have delayed an upgraded version of the game following the attack.
Earlier this week, Axie Infinity developer Sky Mavis revealed that its Ronin Network sidechain had been hacked, with about $622 million worth of crypto funds drained from the bridge that connects Ronin to Ethereum. Now the security breach has led the creators to delay a long-awaited overhaul to the play-to-earn game.
Axie Infinity: Origin, a significantly upgraded version of the NFT-driven monster-battling game, was planned to launch today as an alpha version. But due to the fallout from the exploit, which took place on March 23 but was discovered and announced earlier this week, the Origin launch has been delayed a week to April 7.
“While the game is ready for soft launch, we’ve decided to give the engineering and security team an additional window of time to deeply investigate all implications of the breach, before asking for their full attention to support Origin’s release,” reads a post from Sky Mavis.
On Tuesday, Sky Mavis disclosed that a hacker had drained 173,600 ETH and 25.5 million USDC stablecoins from the bridge that connects its custom Ronin sidechain to Ethereum. At the time of the announcement, those crypto funds were worth about $622 million.
The actual attack, however, took place on March 23—and it went unnoticed for days. Sky Mavis said Tuesday that it was clued into an issue when someone tried to withdraw 5,000 ETH worth of their own funds from Ronin and was unable to do so.
According to the developer, the exploit was executed when someone used “hacked private keys” to take control of five of the nine validators that sign transactions on the Ronin network. Sky Mavis temporarily shut down the bridge and the Katana decentralized exchange (DEX) once the attack was discovered, to mitigate any potential further exploits.
The studio pledged to “make sure all funds are recovered or reimbursed,” and is working with law enforcement, crypto forensic firm Chainalysis, and its investors to figure out next steps.
Sky Mavis also said that all funds still remaining on Ronin are currently safe. Since some funds have been transferred from the attacker’s wallet to centralized exchanges, co-founder Jeff Zirlin said at NFT LA on Tuesday that “there’s a chance that they can be identified and brought to justice.”
The Ronin attack ranks as the second-largest DeFi hack of all time, based on the value of the stolen funds at the time of the exploit ($552 million), trailing only the $611 million Poly Network hack from August 2021. In that case, most of the funds were returned by the hacker, who suggested that the whole thing was designed to teach Poly Network a lesson about lax security.
Axie Infinity: Origin is billed as a robust upgrade to the current experience, in which players buy and battle with monsters sold as unique NFT collectibles. Origin revamps the battle system with richer graphics and more strategic gameplay, the developer has said.
It also marks the addition of free-to-play elements, letting users play with “starter” monsters without first buying NFTs. Origin will be launched as a separate game client from the original Axie Infinity experience, but it will use the exact same NFTs. The alpha version of Origin will not provide token rewards, as Sky Mavis announced in February.
Axie Infinity is the most successful game to date in the crypto space, onboarding millions of players and generating more than $4 billion worth of NFT trading volume. However, the game’s play-to-earn economy has suffered in recent months as Axie’s token values, NFT prices, and trading volume have all fallen significantly, prompting various tweaks to the rewards model.
The best of Decrypt straight to your inbox.
Get the top stories curated daily, weekly roundups & deep dives straight to your inbox.
Download MAXBIT Android App, Your best source of all crypto news!