How centralization led to the Axie Infinity Hack causing a 600 million dollar loss!
Centralization is fast and efficient, until it’s used for bad.
Food for thought: the Axie Infinity thief exploited the centralized nature of the Ronin sidechain, an Ethereum sidechain.
In a surprisingly candid account, three experts hired to investigate the theft of 600 million dollars' worth of Ether and USDC from the Ronin sidechain, on which the famous Axie Infinity game operates, explained the theft in cryptocurrency terms:
Crypto heist exploited key oversight
Sky Mavis, the developer behind Axie Infinity, built a "side chain" — a secondary blockchain for faster, cheaper transactions — since transactions on the Ethereum blockchain are expensive.
The side chain had nine so-called validator nodes, which are proof-of-stake tools that confirm transactions.
At least five are necessary to approve each transaction.
Sky Mavis oversaw five, and Axie Decentralized Autonomous Organization controlled four. Sky Mavis said it discontinued its agreement with the DAO in December but never revoked the permissions it allowed.
The hacker took over four of Sky Mavis' validator nodes and one from Axie DAO, enabling access to the crypto and eventually the massive theft.
Sky Mavis said it has since replaced all of its validators and is working to reimburse the stolen funds.
Max Galka, CEO of crypto forensics firm Elementus, pointed to the lapsed DAO deal as a major oversight, noting that vulnerabilities arise when cryptocurrencies are stored in side chains rather than native blockchains.
Fascinating, let’s break this down.
- Ethereum is Proof of Work, a label that means many things, but for our purposes here it mainly means that many, many computers all over the world hold a copy of the record of every transaction on the blockchain. Through a security process that requires those computers to solve complex math problems before verifying all transactions and the accuracy of the resulting ledger (the record of those transactions), it is almost impossible for one person, or even 100 people working together, to steal money or cryptocurrency. Security is a central tenet of Proof of Work.
- However, it is expensive, and while it can handle 10-12 transactions a second (600 transactions a minute, or 36,000 transactions an hour), it has trouble keeping up with demand.
Proof of Stake
- Proof of Stake, in contrast, uses far fewer computers to perform the same tasks, usually 20-30, and is much faster and cheaper. But it is not as secure.
- There are far fewer computers to take over before you control the majority; once you control the majority you control the ledger, or record books, and you can simply send yourself money that doesn't belong to you by making false entries in the ledger.
Honesty from Axie Infinity
- In a startling display of honesty, Axie Infinity revealed that only 9 computers validated the ledger of a billion-dollar-a-year business with 2.8 million players signing on every day. It had cancelled the contract of the company running four of those computers, and the thief was able to trick people into giving him the access passwords for one more, so the thief controlled five of the nine. He used them to create a false ledger, and under this type of security protocol his five computers told the other four to accept the falsified ledger, and they did.
- There are far more technical explanations, but the outline above is the plain-English version.
- Unfortunately, many sidechains are developed with similar numbers of computers protecting the integrity of the sidechain blockchain ledger.
- This compromises the security of funds on the sidechain, exactly as we see with Axie Infinity.
- These sidechains are centralized solutions to the technical challenges of a decentralized environment.
- This theft is a clear warning to the many blockchains with sidechains: your blockchain's security, like any organization's security, is only as strong as its weakest link.
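To make the "five of nine" arithmetic from the two lists above concrete, here is an added example (my own, not code from Sky Mavis, the Ronin project or this post). It models the post's numbers as a threshold-approval rule and adds the metric a defender should track: how many distinct organizations must be compromised before an attacker can reach quorum. The validator names, the operator labels "SkyMavis" and "AxieDAO", and the `also_signs_for` permission are constructed assumptions that stand in for the un-revoked permission the post mentions; real validator keys and signatures are replaced by plain name checks.

```python
"""Threshold-validator model of a sidechain like the one described in the post.

Added example. The validator set, operator names and the 'also_signs_for'
delegation are constructed to mirror the post: 9 validators, 5 signatures to
approve, 5 run by Sky Mavis, 4 by the Axie DAO, plus a stale permission that
was never revoked.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import combinations

THRESHOLD = 5        # signatures needed to approve a transaction (from the post)
VALIDATOR_COUNT = 9  # validators on the sidechain (from the post)


@dataclass(frozen=True)
class Validator:
    name: str
    operator: str  # organization whose infrastructure holds this validator's key
    # Operators still permitted to ask this validator to sign on their behalf
    # (constructed stand-in for the lapsed-but-unrevoked permission).
    also_signs_for: frozenset[str] = frozenset()


def ronin_like_set(stale_permission: bool) -> list[Validator]:
    """Constructed set: 5 validators run by Sky Mavis, 4 by the Axie DAO.
    With stale_permission=True the DAO validators still honor signing
    requests from Sky Mavis."""
    delegation = frozenset({"SkyMavis"}) if stale_permission else frozenset()
    sky = [Validator(f"sm-{i}", "SkyMavis") for i in range(1, 6)]
    dao = [Validator(f"dao-{i}", "AxieDAO", delegation) for i in range(1, 5)]
    assert len(sky) + len(dao) == VALIDATOR_COUNT
    return sky + dao


def distributed_set() -> list[Validator]:
    """Constructed comparison set: 9 validators, each run by a different operator."""
    return [Validator(f"v-{i}", f"operator-{i}") for i in range(1, 10)]


def quorum_reached(validators: list[Validator], signing_validators: set[str]) -> bool:
    """Approval rule: at least THRESHOLD distinct, known validators signed.
    Unknown names are ignored rather than counted."""
    known = {v.name for v in validators}
    return len(known & set(signing_validators)) >= THRESHOLD


def controllable(validators: list[Validator], compromised_operators: set[str]) -> set[str]:
    """Validators whose signature an attacker holding the given operators' keys
    could produce, either directly or through a still-active delegation."""
    return {
        v.name
        for v in validators
        if v.operator in compromised_operators or v.also_signs_for & compromised_operators
    }


def min_operators_to_quorum(validators: list[Validator]) -> int:
    """Defender's metric: fewest distinct operators whose compromise reaches quorum.
    A value of 1 means a single organization's infrastructure is the weakest link."""
    operators = sorted({v.operator for v in validators})
    for k in range(1, len(operators) + 1):
        for subset in combinations(operators, k):
            if len(controllable(validators, set(subset))) >= THRESHOLD:
                return k
    return len(operators) + 1  # quorum unreachable (fewer validators than THRESHOLD)


def revoke_delegations(validators: list[Validator]) -> list[Validator]:
    """Mitigation the post's lesson points to: drop every lingering signing permission."""
    return [Validator(v.name, v.operator) for v in validators]


if __name__ == "__main__":
    ronin = ronin_like_set(stale_permission=True)
    # The compromise the post describes: four Sky Mavis validators plus one DAO validator.
    stolen = {"sm-1", "sm-2", "sm-3", "sm-4", "dao-1"}
    print("5 of 9 signed, withdrawal approved:", quorum_reached(ronin, stolen))
    print("operators to quorum (ronin-like):", min_operators_to_quorum(ronin))
    print("validators one operator can sign for, stale permission:",
          len(controllable(ronin, {"SkyMavis"})))
    print("same after revocation:",
          len(controllable(revoke_delegations(ronin), {"SkyMavis"})))
    print("operators to quorum (9 independent operators):",
          min_operators_to_quorum(distributed_set()))
```

Two things fall out of running it. With the post's numbers, `min_operators_to_quorum` is 1 even before the stale permission is considered, because five validators under one organization already meet a five-signature threshold; the un-revoked permission only widens what that one compromise can sign for, from five validators to all nine. The comparison set of nine independent operators needs five separate organizations to fail, which is the property a threshold is supposed to buy. Revoking the delegation is necessary but, on these numbers, not sufficient; the threshold only protects funds when the signers it counts are genuinely independent.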
#axieinfinity #axie-infinity #600milliondollarhack #600-million-dollar-hack
#proofofwork #proofofstake #decentralized-network #distributed-network
Posted Using LeoFinance Beta