The $600M Axie Hack
How trading security for speed led to the biggest sidechain hack in history
Dear Bankless Nation,
It happened again.
Six hundred million dollars.
That’s the cumulative amount hackers stole between ETH and USDC, making it the largest hack on the Rekt leaderboards.
William wrote a fantastic summary of events, but in short:
Ronin is Sky Mavis’ centralized custodial sidechain. When Axie Infinity went viral last July, Ronin helped scale transactions from the congested Ethereum network.
Ronin operates using a “Proof of Authority” consensus mechanism, meaning validator pools are very small. At the time of the hack, Ronin had only 9 validators and required 5 of them to act honestly (think multi-sigs).
Ronin’s exploit wasn’t a technical smart contract vulnerability—it was a much simpler theft of validator private keys.
Details are still forthcoming on how the attacker accessed all 5 private key signatures, but it’s apparent that Sky Mavis did not have adequate security best practices in place to protect private key files.
But there’s a bigger lesson to learn here…
1. Assets on side chains are more risky
The security tradeoffs that come with processing transactions off a base chain like Ethereum aren’t anything new for those paying attention.
When you push your assets onto a sidechain, you are moving away from the trustless, decentralized form of security consensus on the underlying base Layer-1 chain.
Subsequently, you’re increasing trusted reliance on the reputation and security expertise of sidechains.
In short, you trade off security for costs and speed.
2. Scaling is the name of the game
As DeFi grows, the need to scale against user demand is exploding. Just this week, Binance announced plans to launch application-specific sidechains to reduce base network congestion for its blockchain games on its BNB Chain.
Considering the BNB chain has a grand total of 41 *approved* validators, that’s like streamlining the efficiency of national governments by setting up an intergovernmental body as an overseer.
It’s hypercentralization on roids.
In contrast, developers in the Ethereum ecosystem have opted to scale transactions via Layer-2 roll-ups instead.
Roll-ups allow faster transaction processing by compressing the data footprint on the base chain. Unlike sidechains, however, the security of roll-ups still depends on Ethereum's base chain, so users aren’t required to trust a separate set of validators.
3. We can’t forget decentralization as we scale
To accommodate user growth, everyone wants to scale fast, but not everyone is scaling securely. Ronin’s hack this week gives us a clear objective: find a way to scale without sacrificing decentralization and security.
Newer entrants to the crypto space care less about decentralization. They want fast and cheap transactions. But doing so at the cost of decentralization is a short-term game.
People complain about the slow pace of the Ethereum roadmap, but the truth is that decentralization takes time, and decentralization is the long-term game.
We expect Sky Mavis and Axie to learn these lessons and come back stronger than ever. Maybe with a path to a fully decentralized rollup.
Here’s what’s lined up for next week:
How to get risk-free levered long on Ethereum 👀
Guide to getting price exposure to the Merge
- Bankless Team
Weekly Action Recap | March 28th, 2022
ACTION RECAP 📚
In the past two weeks, large-cap coins have been up and to the right with double-digit % growth. At this rate, David’s napkin-math TA shows BTC and ETH reaching ATHs by July, which is coincidentally when we’re expecting the Merge. ATHs and the biggest supply shock to Ethereum? 👀
Mirror is a Web3 publishing platform that offers a suite of web3-native tools to empower writers and creatives. This Bankless tactic demonstrates how to start publishing on Mirror and how to use the platform’s financial tools, e.g. crowdfunds, NFTs, splits, and tokens to become a Web 3 independent publisher.
The transition to Proof of Stake will be the most significant blockchain network upgrade this industry has seen, and probably ever will see. But consensus mechanisms are complicated, and the process of understanding them is riddled with rabbit holes and mental traps. Let’s set the record straight on 4 major misconceptions about PoS and PoW!
Profit = Revenue - Expenses. Blockchains generate revenue through transaction fees and incur expenses through block rewards. As of now, from a P&L perspective, no blockchain is profitable and only one of them has the best pathway towards it.
Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.
Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here.