We’ve all heard of games that are pay-to-win, where developers sell in-game items that will give players a boost that will help them progress further in the game, but recently, there has been a rise in a new model called play-to-earn. This utilizes cryptocurrency and NFTs where players can “invest” in a game, play it, and the more they play and the more successful they are, they can actually earn crypto that they can then sell and make real-world money.
One of the more popular titles we’ve been hearing about is Axie Infinity, although unfortunately it seems that the game was hacked and hackers have made off with 173,600 ETH, which based on the current conversion is roughly a little over $600 million, making it one of the biggest crypto heists we’ve heard about to date.
It seems that user error played a part in allowing this hack to happen. What happened was that back in 2021, the developers of the game asked Axie DAO to help distribute free transactions to its players as they weren’t able to manage the user load themselves. Unfortunately, after the help period had ended, the allowlist access was not revoked.
This allowed the hackers to take control of the four validator nodes on the Ronin network, a sidechain used to allow players to access the Ethereum blockchain, and forge the withdrawal requests. It seems that only when a user attempted to withdraw 5,000 ETH that they realized that they were hacked.
According to the game’s developers, “ETH and USDC deposits on Ronin have been drained from the bridge contract. We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now.”