The well-known blockchain game Axie Infinity was hacked and lost $625 million, and superstar Jay Chou’s NFT was also stolen. Hacking incidents targeting the DeFi space have surged recently. What other incidents have there been, and why have hackers become so active in this field?
Lost $625 million overnight
On March 29, 2022, Axie Infinity was hacked, losing $625 million worth of cryptocurrency (173,600 ETH and 25.5 million of the stablecoin USDC) overnight. The hack was the largest ever attack on DeFi.
Axie Infinity is an NFT-based online video game developed by Vietnamese studio Sky Mavis. It uses the Ethereum-based cryptocurrencies AXS and SLP as tokens. Axie Infinity allows players to collect, breed, fight and trade creatures called “Axies”, which exist in the form of NFTs.
New players need to purchase at least three “Axies” to start the game. In February 2020, Sky Mavis estimated that the average gamer spent about $400 on three “Axies.” By December 2021, three “Axies” cost upwards of $1,000.
The game adopts a “play to earn” model. After paying the initial fee, participants can use “Axies” to earn SLP, the Ethereum-based in-game cryptocurrency. Axie Infinity allows users to cash out their SLP tokens every fourteen days. Outside observers have described this model as a form of gambling, with a volatile market that is over-reliant on the influx of new players.
The attack caused AXS to drop about 9%, and its market value is now around $400 million. Ronin, Axie Infinity’s infrastructure, saw its RON token drop by 22%. The attack has also put the security of decentralized finance (DeFi) back on the table. If the security of users’ basic assets cannot be guaranteed, then blockchain, cryptocurrency, NFTs, blockchain games and the metaverse are just empty talk.
All assets in the Axie Infinity game exist on-chain. The attack targeted the Ronin cross-chain bridge, which connects Axie Infinity game assets with Ethereum. The Ronin cross-chain bridge is an Ethereum sidechain designed specifically for Sky Mavis’s Axie Infinity ecosystem. It allows users to send cryptocurrency back and forth between Ethereum and Axie, and aims to avoid the high transaction fees of the Ethereum network and to expand NFT transaction capacity. The Ronin crypto wallet was launched alongside it. The Ronin cross-chain bridge is currently the most important infrastructure for Axie Infinity.
Sky Mavis issued an announcement stating that the attackers discovered a backdoor in a Ronin cross-chain bridge node. Through the backdoor they managed to control four Ronin validators run by Sky Mavis and a third-party validator run by Axie DAO, and used that control to withdraw a large amount of assets. The attack occurred as early as March 23, but the incident was not discovered until March 29, when users found that their assets had been emptied. The hack drained all of the ether and funds on Ronin. Sky Mavis said it has now increased the number of validators from five to eight to improve the security of the assets. Some of the stolen assets belong to players, and the rest are Axie Infinity’s official reserve assets. Sky Mavis has partnered with government agencies as well as platforms to try to recover the stolen funds. Among them, Binance, the world’s largest cryptocurrency exchange, blocked the hackers’ potential addresses and suspended all deposits and withdrawals based on the Ronin cross-chain bridge.
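The six days between the March 23 withdrawals and their discovery on March 29 are the gap that outflow monitoring on a bridge is meant to close. The following Python is an added example, not code from Sky Mavis or Ronin: it flags any time window in which withdrawals of one asset exceed a set share of what the bridge held. The function name, the one-hour window, the 10% threshold and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data (not real chain records). The two large amounts are
# the figures quoted in the article; everything else is invented for the demo.
SAMPLE_RESERVES = {"ETH": 173_700, "USDC": 25_520_000}
SAMPLE_EVENTS = [              # (unix_seconds, asset, amount)
    (0, "ETH", 60),
    (600, "USDC", 20_000),
    (1_200, "ETH", 40),
    (90_000, "ETH", 173_600),
    (90_060, "USDC", 25_500_000),
]

def detect_drain(events, reserves, window_s=3600, max_fraction=0.10):
    """Alert when withdrawals of one asset inside a sliding time window exceed
    max_fraction of what the bridge held when that window opened."""
    balance = dict(reserves)
    recent = defaultdict(deque)    # asset -> (ts, amount) still inside window
    outflow = defaultdict(int)     # asset -> sum of the amounts in `recent`
    alerts = []
    for ts, asset, amount in sorted(events):
        queue = recent[asset]
        # Drop withdrawals that have aged out of the window.
        while queue and queue[0][0] <= ts - window_s:
            outflow[asset] -= queue.popleft()[1]
        queue.append((ts, amount))
        outflow[asset] += amount
        balance[asset] = balance.get(asset, 0) - amount
        held_at_window_start = balance[asset] + outflow[asset]
        # A withdrawal of an asset the bridge never held counts as a full drain.
        fraction = (outflow[asset] / held_at_window_start
                    if held_at_window_start > 0 else 1.0)
        if fraction > max_fraction:
            alerts.append((ts, asset, round(fraction, 4)))
    return alerts

if __name__ == "__main__":
    for ts, asset, fraction in detect_drain(SAMPLE_EVENTS, SAMPLE_RESERVES):
        print(f"t={ts}s {asset}: {fraction:.0%} of reserve withdrawn in one window")
```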
Jay Chou’s NFT stolen, a loss of more than $500,000
On April 1, 2022, well-known singer Jay Chou posted on the social platform Instagram that his Bored Ape NFT, BAYC#3738, had been stolen.
The Bored Ape Yacht Club, referred to as BAYC, is built on Ethereum. It released monkey-themed NFT avatars, which went on sale to the public on April 23, 2021. BAYC has released a total of 10,000 monkey NFT avatars, each of them different. The avatars are recorded on Ethereum under the ERC-721 standard (Ethereum’s contract standard for non-fungible tokens) and are stored and hosted on the IPFS network. At release, the price of an ape avatar was 0.08 ETH.
The sale didn’t get much attention at first. That changed on May 1, when well-known collector Pranksy noticed the project and announced the purchase of more than 250 apes. From the moment he tweeted, BAYC’s sales, users, and transactions began to surge. After only 117 minutes, BAYC was sold out. According to the BAYC team, they never had a private conversation with Pranksy.
Each BAYC NFT avatar has unique characteristics. The team created different expressions, headgear, clothing and other characteristics of the monkeys, and generated avatars with different characteristics.
Buying a BAYC NFT avatar is not just buying a digital artwork; the buyer also gains entry to the BAYC club. The BAYC NFT serves as the buyer’s digital identity and gives access to club-only benefits and products. A BAYC user commented: The BAYC club is like a club in college, everyone connects with each other, everyone sets their social network avatar to an ape, and they follow each other, creating the trend of “Ape follow Ape”.
Many celebrities also started buying apes, which brought more attention to the project. Examples include NBA player LaMelo Ball, NBA chairman Daryl Morey, well-known DJ duo Bassjackers, well-known DJ 3LAU, and many Chinese stars such as Chen Bolin, Wu Jianhao and Shawn Yue. They have used BAYC avatars as their social media avatars. These celebrities have greatly stimulated the public’s interest in BAYC.
The NFT was presented to Jay Chou by Huang Licheng in January 2022. According to on-chain data, after the NFT was stolen it was quickly traded at prices of 111 ETH, 130 ETH, and 155 ETH. As of now, the project team has taken notice of this NFT and returned it to Jay Chou.
Cross-chain protocols were hacked and lost a total of $1 billion
On February 3, 2022, the cross-chain protocol Wormhole was hacked, resulting in a loss of 120,000 ETH (worth about $326 million at the time). After the attack, 80,000 ETH was transferred to the Ethereum network, and the remaining 40,000 ETH remained on Solana. Wormhole is a protocol that allows users to bridge assets across blockchains. The total value of assets locked in Wormhole exceeds $1 billion, and it supports six blockchains: Terra, Solana, Ethereum, Binance Smart Chain, Avalanche, and Polygon.
Wormhole announced on the same day that the vulnerability had been fixed and the protocol had resumed operation. But the fate of the stolen funds remains unclear.
On August 10, 2021, Poly Network was hacked and lost approximately $610 million. Poly Network is the world’s leading lightweight cross-chain interoperability protocol for heterogeneous chains. It works mainly by deploying smart contracts that connect communication and transactions between many public chains. The Poly Network mainnet was launched in August 2020. Poly Network is a cross-chain organization jointly initiated by Neo, Ontology, and Switcheo Foundation as founding members, with Distributed Technology as the technology provider.
The hackers’ initial funds came from XMR, which they exchanged for BNB, ETH, MATIC and other currencies on an exchange and withdrew to 3 separate addresses. Soon after, they launched attacks on 3 chains against Poly Network’s management contracts, replaced the contracts’ managing member with themselves, and stole funds from multiple wallets.
In the end, however, the hacker was forced to return the stolen assets, because cashing out proved difficult and many security companies had inferred key information about the hacker from clues such as on-chain data.
The Wormhole incident ($330 million) and the Poly Network incident ($610 million) made people doubt whether the blockchain world is really safe.
Blockchain’s Rise Drives Hackers to Target Crypto Exchanges
In 2019, Zhao Dong, a shareholder of cryptocurrency exchange Bitfinex, said on Weibo that in the eyes of professional hackers it is only a matter of time, and there are no unbreakable exchanges or blockchain platforms.
The continued rise of cryptocurrency and blockchain-related products has made stealing cryptocurrency an “increasingly popular” activity. Crypto exchanges host and aggregate a large amount of wealth from institutional and retail investors, making them lucrative targets for hackers. Apart from the top exchanges, small and medium-sized exchanges have weak security defenses. First, they do not pay enough attention to security, mainly because the maintenance cost of security defense systems is very high. Second, and more importantly, the crypto industry, and cryptocurrency in particular, is currently outside regulatory supervision, so when losses occur the legal risk for hackers is very low. In addition, precisely because the industry is outside supervision, the assets are difficult to track after a successful attack, whether the hackers cash out or transfer them, so hackers are all the more willing to go after crypto assets.
[Chart: cryptocurrency market cap continues to rise. Source: CoinMarketCap]
Worldwide, cryptocurrency exchanges are hacked frequently. 01Blockchain has compiled most of the exchange hacking incidents, along with the losses involved.
[Table: some cryptocurrency exchanges that were hacked. Data source: compiled by 01Blockchain]
According to 01Blockchain’s incomplete statistics, from 2011 to the present, 44 hacking incidents have caused cryptocurrency exchanges to lose at least 1.1 million bitcoins, worth a total of 51 billion US dollars at the price at the time of writing. 01Blockchain has organized the number of hacking incidents per year into the following table.
[Table: number of hacking incidents by year. Data source: compiled by 01Blockchain]
Hackers are also increasingly targeting decentralized financial platforms. According to data from blockchain analysis firm Chainalysis, the amount received by illicit cryptocurrency addresses in 2021 increased by 79% from the previous year, reaching $14 billion. At present, there are not enough protection measures to ensure the safety of investors’ property, and the industry needs more practical exploration to improve the decentralized financial system.
Aleksei Korobeinikov, an expert in blockchain systems and blockchain DApp software research and development, said that given the current security vulnerabilities in DeFi projects, platforms must not only conduct multiple reviews of key components such as smart contracts, but also recognize that a team of experienced developers with a profound understanding of the core system architecture and logic will be the key to preventing hacking.
Most DeFi thefts are caused by smart contract vulnerabilities or private key theft. And because digital assets are difficult to recover once stolen, transferred, or traded, users who suffer losses often have nowhere to turn. Blockchain and DeFi therefore do have security concerns and are not 100% secure.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/defi-gradually-being-targeted-by-hackers/