کمک مالی Axie Infinity: Binance برای رفع ضررهای کاربران، سرمایه 150 میلیون دلاری را رهبری می کند

Axie Infinity publisher Sky Mavis has raised $150 million from the likes of Binance و آندرسن هورویتز (a16z) to replace some of the funds lost to hacker(s) earlier this month.

Sky Mavis said the raise, alongside cash on its balance sheet, would allow it to fully reimburse affected users.

Venture capital firms Paradigm, Dialectic, and Accel also joined the bailout.

The incident, which affected the Ronin token bridge, is the second-largest crypto exploit ever with 173,600 ETH ($578 million) and $25.5 million in USDC nicked.

The biggest to date is the هک شبکه پلی last August, which saw $611 million in crypto stolen but eventually returned.

“In order for the global ecosystem to continue thriving and maturing, it is imperative that we work together, especially when it comes to security, which is our strong suit,” said Binance chief exec Changpeng Zhao via Axie Infinity’s وبلاگ.

“We [Binance] strongly believe Sky Mavis will bring a lot of value and growth for the larger industry and we believe it’s necessary to support them as they work hard to resolve the recent incident.”

Sky Mavis to increase number of Ronin validators

Axie Infinity is a play-to-earn, NFT-centric game that touts around 3 million monthly users. Players battle and breed digital axolotls to potentially win lucrative rewards.

Axie Infinity can be a lucrative hobby. The characters (called Axies) can be sold on, so players work to improve their stats.

The game initially ran entirely on Ethereum. Sky Mavis launched Ronin, an Ethereum sidechain, last year as a means to alleviate network congestion and high fees that arose alongside Axie Infinity’s userbase.

Axie Infinity players could effectively transfer their Ethereum-bound cryptocurrency to the Ronin blockchain for use within the game.

• This was done by locking tokens inside an Ethereum smart contract, after which one would be credited with equally-valued “wrapped” tokens on Ronin.
• Users would receive their original tokens back upon withdrawal from Ronin.
• The hacker stole these original tokens, effectively leaving users out of pocket when it comes to actually using their cryptocurrency outside of Axie Infinity and the Ronin sidechain.

Sky Mavis says it only discovered the missing funds about a month after the theft occurred, when a player attempted to withdraw tokens from the Ronin blockchain to the Ethereum network.

But the attack, which Sky Mavis described as “socially engineered,” exploited Ronin’s centralized nature. There are only nine validators on Ronin; if five agree then those keys can approve any transactions they like — including withdrawals from the Ronin token bridge.

Sky Mavis controlled four private keys; the third-party entity Axie DAO had another. The hacker(s) compromised these five private keys to sign transactions that transferred the epic amount of crypto to an address under their control.

“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack,” wrote Sky Mavis.

“It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”

The firm plans to boost the number of validator nodes from nine to 21 over the next three months. Private keys will be split between Sky Mavis stakeholders “including partners, community members, and long-term allies.”

Axie Infinity loot is being laundered

Two similar incidents involving hacked token bridges have occurred since August. As previously mentioned, Poly Network managed to retrieve all the lost funds after negotiating with its hacker.

Solana-powered token bridge Wormhole wasn’t so lucky. Just like Sky Mavis’ bailout, Jump Crypto stepped in to plug Wormhole’s monstrous losses earlier this year — a move no doubt inspired by Jump’s sizable investment into the Solana ecosystem.

به نظر می رسد Ronin situation echoes Wormhole’s. According to blockchain analytics unit Elliptic, the perpetrator is attempting to launder the stolen crypto via a number of routes, including standard crypto exchanges.

“The stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized,” said Elliptic in a blog پست.

Stablecoins like USDC are generally controlled by the issuers, the firm explained, who can in some instances freeze and claw back funds tied to illicit activity.

بیشتر بخوانید: [جامپ کریپتو مجبور شد سولانا را با کمک مالی 320 میلیون دلاری شرکت خود نجات دهد]

Afterward, the attacker moved to launder stolen Ether worth around $16 million across three crypto exchanges. PeckShield identified the exchanges as Huobi, Crypto.com, and FTX.

The attacker’s address also sent about 2,000 ETH ($6.5 million) to میکسر کریپتو تورنادو کش در اوایل این هفته.

This still leaves more than half a billion dollars worth of crypto to be somehow laundered. It seems the hacker is moving gradually.

Sky Mavis says it’s working with law enforcement and major exchanges to help track the funds and potentially catch the culprit(s).

به دنبال اخباری با اندازه لقمه هستید؟ در شد توییتر.

در حال حاضر: چهار قسمت اول از مجموعه پادکست تحقیقی در حال انجام ما نوآوری: شهر بلاک چین.