After $625M Axie Infinity Hack, Are Your NFTs Safe?

This week saw the largest cryptocurrency hack in history, as hackers stole more than $600 million of ETH and USDC Stablecoin crypto from the popular NFT “Play-to-Earn” game Axie Infinity. The impact is still ongoing, but what does this mean for NFT holders going forward? Are your NFTs safe?

Watch On YouTube

Episode Highlights

Hackers hit popular video game, stealing more than $600 million in cryptocurrency: “In a brazen attack on popular video game Axie Infinity, hackers swiped $625 million in cryptocurrency, the game company’s executives said Tuesday, marking one of the largest crypto-thefts to date amid rising rates of such crime.

The theft occurred last Wednesday, according to the company, when hackers infiltrated part of Ronin, the underlying blockchain that powers the game.” (Washington Post)

Axie Infinity’s Ronin Network Suffers $625M Exploit: “An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan. While the Ronin sidechain has nine validators requiring five signatures for withdrawals and is meant to protect against these types of attacks, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.” (Coindesk)

Axie Infinity Owner ‘Fully Committed’ to Reimbursing Players After Hack: “Among possible ways to raise funds, Sky Mavis could sell some of its Axie-related tokens in bulk at discount to major players, or sell the company’s equity to raise cash, said Sam Peurifoy, head of interactive at Hivemind Capital who also leads the play-to-earn guild Kapital DAO in Axie Infinity.

Alternatively, the Axie community could host a vote to approve liquidating enough funding from its “community treasury” — which currently has a total net worth of $1.6 billion — for reimbursements of the hack, Peurifoy said.” (Bloomberg)

The Axie Infinity NFT Collection

About The Show

NFT Investor Nation is the show for passionate NFT traders, collectors and investors. Listen in as host Scott Hawksworth talks with leading NFT artists and entrepreneurs.

Connect With NFT Investor Nation

Transcript

Scott: Hello, and welcome to another episode of “NFTnvestor Nation,” brought to you by Cryptogic. I’m your host, Scott, back with you once again, and joined once again also by Andy Hagans. And Andy, welcome back. How are you doing?

Andy: I’m doing great, Scott. It’s a rainy day here in Michigan, but life is good. No complaints.

Scott: Yeah, life is good. It’s a rainy day for a lot of folks in the NFT world and specifically Axie Infinity players because today we want to talk about the big news that happened this week, which was the hack of Axie Infinity’s Ronin network and the estimations kind of vary, but everybody agrees it’s more than $600 million worth. I heard $615 million, $625 million.

Andy: Yeah, Scott. You know, I was just playing around in the mainframe. I didn’t mean to steal anything. So, it was all an accident.

Scott: I was just pressing a button.

Andy: Exactly. No, no, guys. I’m not smart enough to be a hacker. So, it wasn’t me.

Scott: It wasn’t you. It wasn’t me either. But the fact is, is that all of the Ethereum and USDC stablecoin was taken out of that network and transferred off. And this was just a monumental hack, the largest hack that we’ve seen. And there’s a lot of implications here.

There’s a lot of narratives here. I really quick want to just go through the absolute facts of this that we know right now. So, it was their Ronin network which supports Axie Infinity. And for those who are unfamiliar, Axie Infinity is really the largest arguably play-to-earn game out there where you can purchase NFTs of their creatures and you can battle them, collect them, trade them, and earn basically tokens while you are playing this game, so, play-to-earn.

And essentially, it was announced Tuesday a loss of, in this article here, $625 million. I just saw $615 million earlier before we started this. And the exploit affected Ronin validator nodes for Sky Mavis, which is the company that owns and operates Axie Infinity as well as this network, which is an Ethereum sidechain network.

And in our show notes, we’re going to have a link to that white paper if you’re unfamiliar. But essentially, what they did is that they used hacked private keys, this hacker, in order to forge fake withdrawals from the network. And you can actually look at the transactions on Etherscan.

You can see, you can literally see where it happened and when this took place. And, yeah. I mean, I think that’s the basic facts of what happened. Now, I think, it’s time to, okay, this has occurred, there’s a hack, then you have the reaction from everyone.

And, Andy, I know you have some thoughts here because as soon as this happened, the media really took off. You have folks, you know, media elements that understand cryptocurrency. They had really a fact-based approach. There are also lots of opinions. There’s a Washington Post article that we’re going to link in the show notes that really kind of took NFTs to task, took cryptocurrency to task for this.

So, I’m curious to hear your take on that because a lot of people think that all this negativity, while that’s really bad for crypto, for NFTs, you have a different take.

Andy: Yeah. And, you know, I mean, first of all, it’s only a matter of time, right? With any new technology like this, especially on the blockchain, you know, online, only a matter of time until there’s going to be the next, you know, biggest hack. And this won’t be the biggest hack because there’s going to be another one that’ll be bigger than this.

Right? So, growing pains, obviously. And I mean, if you think in the long run, you know, these blockchains and technologists and entrepreneurs they learn from hacks and, you know, it’s kind of unfortunately built in to human nature and to networking, that these are going to happen.

I mean, my contrarian take, well, first of all, you mentioned The Washington Post and a little, you know, personal take here. Obviously, I, you know, take a lot of issue with many mainstream media sources and their biases and their ideologies that they’re promoting and their misinformation, I would say, but I think Washington Post, they may be the worst.

I mean, they may be out of all the legacy media, honestly… Seriously. I don’t know when the last time I read a Washington Post article. And I mean, I do a lot of reading. Even media that I don’t particularly agree with, I like to read because I like to expose myself to all kinds of different perspectives.

And I really do think that The Washington Post is like the worst of these legacy newspaper. I mean, I really think they’re like toilet paper, but…

Scott: The roast of The Washington Post brought to you by Andy Hagans. I love that.

Andy: Yeah. And so this doesn’t surprise me at all that you had mentioned The Washington Post, but I noticed this with crypto, you know, when crypto was dumping a couple of months ago, and it’s pumping again, by the way, you know, it was on Bill Maher, you know, making fun of crypto, “All these dumb crypto investors, oh, they sure learnt their lesson.” People love…

Scott: I talked to John Oliver the other day and he had, like, a Bored Ape’s joke and was, you know, saying, “If you have Bored Apes, you’re an idiot,” or whatever his joke was that got the laughs.

Andy: Speaking of media that I don’t particularly care for. But I would say, first of all, you know, when hacks like this happen, it’s like, obviously, NFTs… you know, they’re still not exactly mainstream and things like this may make that mainstream adoption, like, it’s kind of a bump in the road.

That’s not necessarily a bad thing. Do you really want NFTs and crypto to be, like, totally mainstream tomorrow? Because from an investor’s standpoint or even a collector’s standpoint, that probably just means everything is going to get a lot more expensive. All of these digital assets are going to get a lot more expensive. In the traditional markets, we have the saying that a bull market climbs a wall of worry, right?

And maybe a crypto market climbs a wall of hate, probably also climbs a wall of worry. I just find that all of this, you know, hate and mockery, whatever, what have you, pretty much tees up the next leg of a bull run. It may not be tomorrow or whatever, but I do think that a bull market climbs a wall of worry, climbs a wall of hate.

So, you know, the fact that NFTs are going to get punched around, they’re not going to disappear. Right? The overall market capitalization may go up, may go down, and, you know, big news stories like this might affect it. There might be an NFT winter, you know, sort of, like, there’s been crypto winters. But I think if you like NFTs, if you’re an NFT collector, NFT investor, you know, don’t look at this as a bad thing.

It’s all part of that process, part of that, not only market cycle, but part of that technology cycle. And if you want to be an early adopter or, you know, that bold investor, this is just part of the ballgame.

Scott: I think it’s such a great point, Andy. And I think there’s also…when something like this happens, there’s this, “Okay. Where do we go from here?” And I want to mention this because this actually has come out recently. Axie Infinity’s owner came out saying that they’re fully committed to reimbursing players after this hack.

So, the game itself generated $1.3 billion in the last 12 months through February. So, clearly, there’s a lot of revenue generation that is happening here. And they have a lot of options that they’re exploring.

So, I think too, from the NFT holder perspective, whether you’re playing Axie Infinity and you have, you know, their tokens and you’re into those NFTs or it’s another NFT, there are opportunities to be made whole after a hack like this that people are exploring. I just want to…

Andy: Which is, Scott, and that’s…yeah, this is surprising to me. I mean, when I heard that amount… I mean, I often say I knew of Axie Infinity. But when I heard the amount, I was just like, “Oh, boy, that’s game over for them.” And then we were talking about it and it’s like, no, actually, this project has been so successful, that’s not game over, but go on.

Scott: The Axie community, and this is from this article, could host a vote to approve liquidating enough funding from its community treasury, which currently has a total net worth of $1.6 billion for reimbursements of the hack.

Andy: Wow.

Scott: So, this hack, yes, debilitating in terms of all that Eth and USDC was taken out of the network, but there’s so much liquidity in there that it may not be so debilitating overall and especially if the game continues to grow and succeed, and now the Axie tokens have taken a little bit of a hit in terms of their price since then, and that’s to be expected.

But it’s not like they’ve gone to zero, at least not as of yet. So, I think that that really does tie into your point, Andy, of it not neces…it being part of these growing pains and there still being things to figure out and learn from, right?

Andy: Yeah. And, you know, I think of Axie Infinity and I think of technology startups. So, you hear half a billion dollars and you think game over, and then when I look into it a little more, I’m like…

Scott: You’re saying, “Well, $1.6 billion.”

Andy: Oh, wow, they’re bigger than I thought, actually. They’ve grown bigger and more quickly than I thought. And so, I mean, it sounds like they’re going to survive this. I mean, who knows, there’s a chance they come out the other end even stronger with… If the worst happens and then they managed to, you know, do right by their users and their token holders, it might end up being a positive thing for their brand.

Scott: Well, I would say to this. So, they just had multiple protections in place and it was just one node, essentially, that one backdoor that was found. And obviously, they’re going to close that now and do everything…

Andy: Keyword backdoor.

Scott: Keyword backdoor. Exactly. Exactly. So, it’s almost impossible to not learn from it. And it’s still a very popular game globally. There’s still many, many players who are invested in the future of the game and enjoy playing it and enjoy earning. So, I don’t think that all of a sudden changes because you’ve had this breach.

And when you look at…and maybe I’m going off the rails a little bit here, but when you look at traditional finance, you look at hacks that have happened, you know, people’s data and all of this, those companies have continued on. So, why is there this assumption and maybe by some mainstream media outlets that, “Well, that’s it. NFTs are done?”

Andy: Well, honestly, these big hacks from giant corporations, you know, traditional corporations, it’s like they don’t even make the news anymore. I mean, you know, every now and again, one will. But, yeah. I think it’s one of those things people hear that a Bored Ape is worth X or, you know, a Punk is worth Y and it makes them either mad because they missed out, you know, “I wish I would have…” or they just don’t get it or whatever.

But, you know, unfortunately, there’s not always that live and let live attitude, you know, to each our own type attitude about these things. So, it’s like, yeah, and especially in the legacy media in these outlets like The Washington Post, they just love to pile on.

It’s like they can’t help themselves. Yeah. So, I mean, you know, again, I don’t mind reading…

Scott: Extra clicks.

Andy: Yeah, exactly. I don’t mind reading things that I disagree with.

Scott: Sure.

Andy: But NFTs are not done and they’re certainly not going to be done in by this hack.

Scott: Right. Well, to that point, Andy, and you’re a self-directed investor. So, I think when something like this happens, folks that are investing in NFTs that maybe have a significant amount of capital tied up in, you know, NFTs maybe across different collections, there’s this, “Well, are my NFTs safe? Is my capital safe? What is going to happen here?”

And I’m curious to hear your take on that as you look at this and if someone is saying, “Okay. Now, does this mean that everything I have has just tremendous risk and I need to get out? What does this mean for the future of my NFTs, of my crypto?” I’m just curious to what you might say, maybe some takeaways would be there for an investor who’s maybe feeling a little nervous.

Andy: Yeah. You know, a couple of concepts, I would say. First of all, from an investing standpoint, diversification, right? As an investor, you want to diversify. If you buy individual stocks, certain individual stocks are going to go to zero, they’re going to go bankrupt. By holding a diversified portfolio of, you know, traditional assets, you know, that’s a way you can kind of ride out market cycles, but also ride out, you know, the ups and downs of individual securities.

So, I think, you know, within digital assets, the same concept applies as an investor. Now, if you’re a collector, you know, maybe you’re only really into one or two NFTs serious. So, that’s sort of a different angle. But, you know, financially speaking, you shouldn’t have 95% of your net worth tied up in collectibles anyway.

Right? So, I think you kind of need to decide, are these an investment for you? And if they are, you know, take that top-down approach with top-down allocation between traditional assets and digital assets, and then within digital assets diversifying. Or are you a collector? Now, from the security angle, whether you’re a collector or an investor, you know, with security, the big mantra is security in layers, right?

Meaning that you don’t just have one failure point, right? So, you know, think about like in your home, right? You might have an alarm system, but you also have a dog. And one or the other might be a deterrent. With web security, with networking security, you know, again, you don’t want to have that single point of failure, you want to have multiple security systems in place.

So, I think as an individual, you can think of it in terms of, you know, always using those security best practices whether it be, you know, two-factor authentication or, you know, securing your wallet, absolutely, securing your wallet, and just thinking about it from that perspective. But in this case, with this particular news story, you know, sometimes it’s the centralized thing or the blockchain itself that fail.

Scott: It was an institutional issue here.

Andy: Right. And you as an individual user you’re a victim and, you know, you’re not really at fault. And then I think what that brings up is when you are investing in digital collectibles or, really, in any digital asset, look at the team behind this asset, look at the ecosystem, look at the community because these are, you know, different types of investments.

They’re not traditional investments that pay a dividend. It’s more like you’re investing in that blockchain, you’re investing in that community, you’re invested in that team.

Scott: That project.

Andy: Yeah. And the developers who are contributing, and so on, and so forth. And, you know, that’s something, Scott, that you discussed a lot in the last couple of episodes of the show is, you know, the roadmap and the team behind it. And so in this case, you know, I wasn’t actually aware of all of the options that, you know, the company has announced in this case, but it sounds like, you know, the team and the company is trying their best to make things right and that they actually have a plan to address this to try and make the victims of this hack whole.

And so I think that speaks to just that idea that you’re not just investing in the asset, you’re also investing in the thing behind the asset whether that’s a blockchain or a company or DOW or what have you.

Scott: Or a play-to-earn game that folks enjoy playing. I think that’s exactly right, Andy. And so that’s why I always say, you know, whatever the NFT is, whatever you’re interested in, look at that project. And I guess it goes back to that investor’s thesis. If your thesis is, “Hey, these Axie tokens are great. This is a great game. It’s clearly really popular.”

Maybe you like playing it yourself a lot, whatever it may be. If that’s the case, then you shouldn’t feel completely, you know, terrified and think, “Oh, I can’t do this anymore,” because if you still believe in all of that, then you would trust that the company is going to have the motivation, obviously, to try to make things right and do better and tighten up some of the screws and all of that, and then you can move forward, especially as you were talking about, Andy, you are diversified, and you’re managing your risk, and you’re doing all the things that you should do on an individual level, then it really is, “Okay. Do you believe in the institution, in the ecosystem itself?”

And if you do, then, you know, I guess put your head down and rest soundly as you can because I think that that’s the best you can do, right?

Andy: Conviction, right? The bold investor needs conviction, more so with bad news than good news, but back to what I said, the bull market climbs a wall of worry.

Scott: I love it. Andy, thanks so much for joining me once again. And, of course, to all those, you know, affected by this hack, obviously, hoping that they sort this out. And for all others, you know, I think it’s just a reminder that there is risk involved in all of this, so, you know, keep your head on a swivel, as the sport’s saying is.

Andy: Thanks, Scott.

Default image
Scott Hawksworth

Hailing from Evanston, Illinois, Scott is co-founder of Cryptogic as well as host of the several popular crypto podcasts. Scott believes that cryptocurrencies and NFTs represent a once-in-a-generation opportunity for investors of all types to participate in the future of decentralized networks.