A popular blockchain game called Axie Infinity may have suffered the biggest security breach in the history of decentralized finance, popularly known as ‘DeFi’.
Hackers forged withdrawals from the game’s Ronin network last week, causing nearly $615 million in damages. The game’s developer said it was working with law enforcement to recover the money and reimburse players, many of whom had to pay hundreds of dollars to play. It’s not clear how many gamers were affected. The developer is also postponing the launch of a similar play-to-earn game. The incident points to a growing challenge for ‘web3’, a catch-all term describing digital services built on blockchain technology.
A growing list of breaches that stem partly from errors in writing Web3 code is undermining one of the great promises of blockchain – increased security – and halting the technology’s progress toward mainstream acceptance.
Last August, hackers stole more than $600 million from a blockchain program called Poly Network. Then in February, about $320 million was stolen from a so-called bridge that allowed people to transfer crypto assets between two popular blockchain networks, Solana and Ethereum.
In both cases, most, if not all, funds were returned to the original holders. But DeFi, or blockchain networks trying to serve as an alternative to traditional financial systems, has become an attractive target for hackers, thanks to the billions of dollars locked in a variety of applications that are run largely autonomously. The money stolen in the latest hack had not been removed from the wallets of the attackers at the time of writing.
According to cryptocurrency security firm CertiK, the amount lost through the hacks of DeFi projects more than doubled in 2021. A timeline on security website CryptoSec.Info lists 83 alleged breaches of DeFi services, with losses of approximately $2.3 billion between January 2020 and February 2022.
For those still willing to invest in web3: steel yourself, the hacks will keep coming. An investor in Axie Infinity developer Sky Mavis has said that the latest hack should serve as a warning to venture capitalists about inherent security vulnerabilities in blockchain services, especially with critical tools like bridges.
One issue with Ronin was that it worked off-chain, acting as another layer on top of the Ethereum blockchain to allow transactions to happen more quickly and cheaply. The trade-off: a secondary layer is not as secure as a blockchain.
The Ronin network did not elaborate on the mechanics of the hack in a blog post, but attackers may have exploited network congestion to verify large numbers of transactions at once, according to Dan Hughes, founder of British DeFi startup Radix.
In other words, Ronin’s attackers may have exploited a weakness in the network’s processes rather than a stray bug, pointing to some of the wider difficulties of building blockchain-based apps whose hack-protection can be relied upon.
Many developers who build apps for Ethereum use a programming language called Solidity, designed for smart contracts, which are simple programs on the blockchain. But building with Solidity is one of the most complex forms of programming. Coders have to plan their moves carefully, and they don’t get many tries to get something right. A mistake isn’t just a mistake, as it might be with a site or app on the traditional web. It could lead to a security vulnerability, and with financial services making up such a large number of web3 apps, that would put large sums of money at risk.
“Sometimes, something as simple as a typo can be used by a savvy hacker,” Hughes said in a Twitter Space discussion with Bloomberg Opinion last week. The reason behind a coding mistake with was a security breach of Ronin Networks.
Still, a recurring string of hacks should serve as a wake-up call for potential investors, and for web3 companies themselves to invest more in securing their overly complex systems.
Hughes states that there is a prevalent “move fast and break things” culture in the development of Web3. This can be even more dangerous when poorly designed algorithms lead to financial ruin.
“The problem with hacks is that if you build a secure system, you have hundreds of thousands of ways to fix it,” Hughes says, pointing to an issue that affects Web 2.0 as much as web3. “You’ve got to get it right every time. A hacker only has to fix it once.” © Bloomberg