Just over a week after the announcement of the biggest hacker attack on cryptocurrencies ever known – in which about US$ 612 million (R$ 2.9 billion, approximately) was diverted from users of the mobile game Axie Infinity – , the Ronin Network, a platform dedicated to boosting the game, presented good news to the market.
This Wednesday (6) Binance, a global provider of infrastructure for the blockchain and cryptocurrency ecosystem, confirmed that it had led a $150 million investment round in Sky Mavis, creator of Axie Infinity, to replace stolen funds from Ronin. . With this, users who lost resources after the millionaire diversion will have to be refunded.
Analysts say it is too early to know whether the capital injection will be enough to restore the confidence of players with transactions in Axie Infinity after the criminals act. The fact is that the attack generated uncertainties about the extent to which the company guaranteed the protection of users’ income and what the level of security of digital currencies is. See what the experts heard by the UOL about the case, and whether it is worth investing in cryptocurrencies — and how safe and profitable this investment is.
In the hack, reported on March 29, hackers allegedly gained access to five of a total of nine networks that authorize transactions at Sky Mavis, which runs Axie Infinity. With this, it was possible to authorize withdrawals and divert resources to their own digital wallets.
The online game, based on fighting creatures called Axies (inspired by Pokémon), is quite popular. how is a cryptogamefollows the play-to-earn concept, generating rewards with cryptocurrencies that can be exchanged for real money.
Ronin (RON), created in January, is the network’s native cryptocurrency that powers the Axie Infinity game ecosystem. That is, RON is the token used to pay transaction fees on the Ronin Blockchain Network.
Lack of digital maturity
The security flaw at Ronin was a possibility expected by those who follow the market closely, according to Ney Pimenta, founder and CEO of BitPreço.
“There was a clear technical risk, ignored by many, which was the fact that there were few validators for blockchain. Therefore, it would be easier to make an attack and take over 51% of the computers and possession of the blockchain. The ‘attack 51 %’ has this name, because it is successful when a group of miners controls more than half of the computing power, with the aim of manipulating the use of cryptocurrency. A very different reality, for example, from [criptomoeda] ethereum, with thousands and thousands of computers”, says Pimenta.
For Samir Kerbage, chief technology officer at Hashdex, there is no doubt that blockchains – the main link in the crypto ecosystem – are very secure. The expert cites the example of the networks where bitcoin (BTC) and ethereum (ETH) digital currencies are traded, which have never been hacked and are the best-known digital currencies in the world.
However, Kerbage says that many applications built on these infrastructures are still at an early stage in terms of technological maturity. Therefore, they are more prone to bugs and errors in the software development process, opening potential gaps for attacks.
Over time, as the technology matures, the expert says events like what happened with the Ronin Network will become much less frequent.
“Small” scam close to market size
Although the blow against Ronin was the biggest in the history of cryptos, Andrey Nousi, CFA and founder of Nousi Finance, declares that it is necessary to relativize the impact when comparing the size of the hole with what is moved throughout the industry, around of $2 trillion a year.
However, he says that there will be some weaknesses “turn and a half”.
The crypto market is created by contracts, and these contracts are programming languages that sometimes find fault. Unfortunately, yes it does. These vulnerabilities exist and are taken advantage of.
Andrey Nousi, CFA and founder of Nousi finance
Head of TC, Paulo Boghosian says that every new market, such as crypto-assets, creates opportunities for scams, attacks by hackers and opportunists.
Traps can take many forms, according to the expert. They range from investment funds that claim to invest in cryptocurrencies, but are actually pyramid schemes; untrustworthy brokers and intermediaries; and even cryptocurrencies that do not have serious teams.
To date, according to Boghosian, most of the hacked projects have had their funds returned to the harmed users, like what should happen to Axie Infinity users after the $150 million contribution. The same happened with Wormhole.
When it comes to serious projects with institutional money, these end up guaranteeing the safety of the project.
Paul Boghosian, head of the TC
Through a note, Trung Nguyen, CEO of Sky Mavis, says the company is committed to refunding all lost user funds and implementing strict internal security measures to prevent future attacks. With the investment of US$ 150 million, the executive said he will be able to quickly expand the set of validators from five to 21 and ensure greater security for the Ronin network.
Care reduces exposure to risks
There are some precautions that can protect investors or reduce their exposure to crypto-asset risks.
Boghosian says that the investor should research the services and security initiatives of the companies that intermediate operations with these assets. For him, today there are brokers that adopt an advanced security scheme, and often have insurance and entities that cover some type of attack.
Another recommendation is to seek out crypto funds regulated by the Securities and Exchange Commission (CVM). “When something seems too good to be true, be suspicious”, declares the head of TC.
More tips for those who want to invest in cryptocurrencies
Gaius villainvestment director at Uniera, recommends some behaviors that can help investors increase the security of their cryptocurrency trading — which includes yields on cryptogames such as Axie Infinity.
1) Private key: like a password, always take good care of it and don’t have it saved in an online environment. Shuffle the word order and don’t let anyone have access, except people you trust. If the private key is exposed, its holder can do whatever they want with the assets. The Ronin Network hacker gained access to four private keys, which contributed to the attack.
2) Be very careful when using bridges: Ideally, you should always hold the asset on its native blockchain, not a synthetic asset (an asset on a secondary blockchain of equal value to another “real” asset). For example, wBTC and renBTC. These bridges are prone to failure — so many hackers take advantage.
3) Insurance: if you are going to interact with a protocol or outsource the custody of an asset, buy insurance whenever possible. There is insurance against invasions, bugs in smart contracts, oracle failures (oracle), impossibility of withdrawal for any reason (when it is a centralized service), for example. However, there is no insurance against private key leakage.
4) More layers of security: it is possible to have the management and custody of assets with a layer of security above a possible leak of your private key. Just use a service like Gnosis Safe, in which several signatures are required for a transaction to take place. Gnosis Safe (a free service) has a TVL (total value locked) of over $20 billion.
Gains outweigh the risks
Despite the risks, Ney Pimenta declares that the possible gains from trading cryptocurrencies outweigh the risks with attacks. Ethereum, for example, has gained about 32% in one year.
However, he says, asset exposure must be calculated. For the specialist, you cannot invest in anything new without first understanding the project, that is, knowing its purpose and all the technical basis, which requires study.
The Brazilian investor still does not have much regulation on cryptoassets, which increases the risks. In addition, many projects are based outside Brazil, which, according to Pimenta, makes it difficult to recover money lost in the event of attacks.
See some of the biggest attacks on crypto assets
- March 2022: around $615 million was taken from the Ronin blockchain through theft of cryptocurrencies taken from their systems;
- February 2022: Wormhole, one of the best-known platforms in the cryptocurrency market, had a $320 million hole after a hacker attack;
- August 2021: hackers took $611 million from Poly Network;
- September 2020: $281 million was taken from crypto exchange KuCoin;
- January 2018: Coincheck had $532 million worth of NEM tokens stolen;
- February 2014: Japan’s Mt.Gox was attacked by hackers and saw about $500 million disappear.