Ronin Network: What a $600m hack says about the state of crypto

Thousands, if not millions, of people could have lost money in the second largest crypto hack in history.

Ronin Network, a key platform powering the popular mobile game Axie Infinity, has had $615m (£467m) stolen.

A 20-year-old from Wiltshire, Dan Rean, is one of those affected. He told the BBC: “I have lost 0.15 Ethereum, about $500. It’s bad but I have friends in a worse position.”

Jack Kenny is one of those friends, and said: “I’m down about $10,000.”

The 23-year-old from Ireland added: “I don’t think people fully understand the significance of this hack – $600m is a very big portion of all the assets in this network.”

Another man from the US east coast says he has lost $8,000, but adds there are people who may have lost their “life savings” after saving up digital coins from playing Axie Infinity.

[Image: Players fight in game with Axies. Image source: Axie Infinity]

In the game, players fight cartoon pets called Axies to earn cryptocurrency.

The game is hugely popular with millions of players around the world hoping to win cryptocurrency and collect the game’s non-fungible tokens (NFTs).

It’s particularly big in the Philippines, where playing has become a full-time and potentially lucrative job.

Ronin Network, which is also owned by Vietnamese parent company Sky Mavis, allows players to exchange the digital coins they earn in Axie Infinity with other cryptocurrencies like Ethereum.

It says a hacker transferred $540m worth of cryptocurrency to themselves six days ago, but the company only noticed on Tuesday when a customer was unable to withdraw their funds.

The stolen stash has since risen in value with the price of cryptocurrencies to be worth about $615m.

It’s just the latest in a string of mass crypto heists in the last year totalling well over $2bn.

The sequence of events around the hack tells us a lot about the perils of cryptocurrency and decentralised finance.

Will customers get their money back?

Ronin Network says it is “working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed”.

In the meantime, it has only put out one statement on its substack – a newsletter service – and taken its website offline.

It has also disabled comments on its company posts on social media, and the BBC has not had any replies to the many requests for comment sent to company bosses.

“I’ve not tried customer support because I know it’ll be useless,” says Dan.

“I just have to wait to hear from them if and when it’ll be fixed, and I can hopefully get my Ethereum out. Crypto companies don’t really work in the same way as regular companies,” Dan explains sympathetically.

[Image: Ethereum “coins”. Caption: 73,600 Ethereum and 25.5M USDC were stolen from the Ronin bridge in two transactions. Image source: Reuters]

Ronin Network has not yet told customers what’s happening with their funds or when they will get their money back.

In most cases of mass crypto hacks, customers are reimbursed in some way, but it can take months or years.

Cryptocurrency writer David Canellis, from Protos, says direct communication with cryptocurrency companies is notoriously poor.

“When you’re dealing with entities that are handling more than half a billion dollars you’d expect a little bit more avenues and openness to communication – especially when there has been such a lapse in security around this hack.

“But then again, one primary tenet of the ecosystem is that anyone at all can launch their own projects, and there should be no barriers to this.”

How it happened

Ronin Network says that the hack started in November 2021, when Axie Infinity’s user base swelled to an unsustainable size.

The company said the influx of players caused “immense user load”, which forced it to loosen security procedures to cope with the increased demand.

It says that things calmed down in December, but that it forgot to retighten its security, and the hackers took advantage of the backdoor left open.

Economist and author Frances Coppola says: “This is pretty typical of crypto companies.

“We’ve seen so many hacks and exploits caused by – to be blunt – frank carelessness and lack of concern for the safety of people’s funds.

“Crypto companies are sometimes so anxious to make ‘loadsamoney’, or simply accommodate high demand, that they put out badly designed and tested code, compromise security, or place too much reliance on infrastructure.”
