In 2003, more than $100 million worth of diamonds, gold, and silver were stolen from a vault in Antwerp, becoming one of the largest heists in history. It took an incredible amount of planning, using a combination of social engineering by mastermind Leonardo Notarbartolo and physical engineering by a group including a still-unknown man called the “King of Keys” to break into a secure facility. While there have been arrests, many of the stolen goods have yet to be found.
This crime was possible, not due to irresponsibility on the part of the vaults, but due to the ingenuity of human beings to break the unbreakable, to want more than they have, to challenge what is possible - especially when driven by greed. Even in the face of incredible, complex danger, there will always be somebody out there who will do everything in their power for that big score. And in this case, the victims were diamond merchants of Antwerp, far separate from street sales - and, of course, fully insured just in case someone attempts to steal everything. In fact, Notarbartolo claims that a diamond merchant hired him and that the whole thing was an insurance scam.
Six days ago, it took one person with a computer to steal $600 million of cryptocurrency from the browser-based play-to-earn blockchain game Axie Infinity.
Leaving The Keys In The Car
Due to the costs of doing anything on Ethereum, Axie Infinity developer Sky Mavis created a “side-chain” - a blockchain with a specific purpose (playing the game) - that users would put “real” money into - Ethereum or a dollar-backed stable coin called USDC - and then receive “wrapped” versions to use on the faster, cheaper blockchain to make purchases within the game. This blockchain is called “Ronin.” This chain is controlled by nine validator nodes that control transactions, requiring five of them to agree before any withdrawal or deposit is authorized. Sky Mavis has four of them, and there are five other third-party validators.
Because Axie Infinity is technically not part of Sky Mavis (the developers), an Axie Decentralized Autonomous Organization (DAO) exists. In November 2021, Sky Mavis, in an attempt to deal with a bottleneck of free transactions created by the game’s popularity, asked for permission to use their non-majority validators to temporarily sign transactions on behalf of the Axie DAO. This agreement ended in December 2021.
Except they forgot to remove the “allow list” part of the contract, meaning that the attacker, in this case, got control of Sky Mavis’ validators, along with a third-party validator, gaining majority control of the Ronin network and draining hundreds of millions of dollars in complete accordance with the contracts involved, because Sky Mavis had allowed them to. There was no vault to open, no security to knock out, no box to break - just the unbearable failure of the concept of “code is law.”
What this means in a practical sense is that anybody that put money into Ronin so that they could interact with the overall Axie Infinity ecosystem has now got, on paper, absolutely nothing. They cannot turn their wrapped Ethereum into Real Ethereum, because there is no Ethereum to turn it back into. While there may still be a market for the three tokens related to Axie Infinity, the actual assets behind them are entirely gone - unless, of course, the investors that piled money into Axie Infinity decide to somehow assist, though I can’t think of a way that would actually fix…anything.
Axie Infinity itself is a deeply evil project - part of the malevolent “play to earn” industry that turns gaming into a vast pyramid scheme under the auspices of “rewarding you for your time,” as if gaming is otherwise a totally brainless, emotionless exploit. It’s also deeply exploitative, with the majority of its audience based in the Philippines and making below the country’s minimum wage as Sky Mavis and AXS token holders take a cut too. It costs around $300 to start, a fee that scummy loan-shark-esque companies will front for a cut of your future income.
In short, the people that are suffering from this are not the investors, nor the developers, nor those in power, but regular people that chose to trust them with their money and time. There are people that play Axie Infinity as their actual jobs that are now sitting on a giant pile of nothing - even if you can sell a thing in the game as we speak, the underlying value is quite literally nothing. If someone gives you 300 Ethereum for your poorly-drawn NFT pocket monster, that 300 Ethereum is worth nothing if it cannot be withdrawn from the Ronin contract, a contract that does not have 300 Ethereum to give you.
And, to be clear, these are not people receiving 300 Ethereum. They are people that are desperate enough in their circumstances that they play an online game to get by, that have either had to scrape together $300 (which is a great deal of money!) or entered into a shady contract with a shadier individual to cover the costs. And this is all while dealing with the dwindling amount of money that the system actually pays them for.
What’s worse is cryptocurrency’s “HODL” mantra likely means that people have faithfully kept their money in the system that now doesn’t have any money to give them back. It isn’t quite a ponzi scheme because the money existed in some way, but it suffers the same fate - there is no money to pay anyone with.
Stop Calling Me A Cynic
If you are reading this and thinking that I’m a hater, I want you to think very carefully about who suffers in these situations. Cryptocurrency has absolutely no protections against lost funds of any kind, and the police are unlikely to assist in recovering anything in most cases. While one might think that they’ll be actively interested in tracing $600 million, it’s debatable whether they’ll find it, and if they do, whether those funds will actually be returned to anybody.
Wormhole Finance returned $320 million in funds to users after an exploit, though it’s likely due to Jump, the trading group that owns the developers, simply handing them more money. In the case of Axie Infinity and Sky Mavis, while there may be a lot of funding, there is not $600 million - and though I’m not sure about their accounting, I can’t imagine that they have over four times their funding round sitting in their coffers.
In the meantime, the users are the losers. There is no FDIC to protect them, no government body to aggressively pursue the totally decentralized authority that fumbled their life savings into the literal and figurative ether. There is nobody for them to sue, no criminal prosecution to pursue, and no path to compensation. The Ronin Network, despite both holding and transacting with people’s “currency,” has no banking charter nor legal responsibility to act as one.
Hell, there clearly isn’t even someone watching the damn thing to make sure nobody walked off with $600 million dollars, because it took Sky Mavis six days to notice.
To be blunt, whenever I tell somebody that cryptocurrency is dangerous and will hurt people, this is how. It’s easy to make fun of big, dumb idiots that buy $350,000 pictures of apes, but people are being conned into joining these scams (and yes, Axie Infinity is a scam) based on the idea that they are “part of the future” and will reap a massive return on their investments. People are investing in cryptocurrency and cryptocurrency projects in the same way they might invest in the stock market, or in a home, and they are losing everything.
It’s a comfortable lie to believe that these people are the outliers - I would argue the vast majority of people that are introduced to cryptocurrency either don’t realize how dangerous it is, or have been conned by a wealthy, charming investor that is claiming a literal ponzi scheme is actually “a gaming revolution.” The assumption is always that this is something that would happen to someone else - that a popular game funded by big-name investors like Mark Cuban would not have an obvious exploit that would wipe out the value of both your time and money.
And what I really want to hammer home is that the victims here are not the dopey silicon valley investors that you’ve grown to despise, but real people that are desperate and scared as they face a world that only seems to get more difficult.
People are desperate for a way out, for something to belong to, for something to believe in. The future has always seemed to leave them behind. Crypto masquerades as a future of enrichment, selling a dream - that you, an individual, outsmarted the system and profited, that you found the same kind of loophole that you’ve heard the ultra-rich uses, one that allows you to feel as if you’re participating in a kind of counter-culture.
Worse-still, there is an abundance of optimism in the face of imminent, obvious danger. Outside of how easy it is to lose money through day-trading cryptocurrency, there is enough of a track record of cryptocurrency projects that either outright scam or lose people’s money to declare any investment a tacit approval of continual exploitation. And every VC pumping money into these projects should be held accountable - they should be asked, point-blank, what due diligence they did into the company they invested in, and what they believe should be done to compensate the people who it’s hurt.
Cryptocurrency has grown from a nerdy libertarian doodad into a large collection of ticking timebombs where users surrender control of their finances to imperfect code, sold to consumers as a fast way to make money at a time when it’s difficult to do so otherwise. People want a way to thrive when most people can’t buy a house or save for retirement thanks to the incredible costs associated with existing. The cryptocurrency industry has acknowledged and exploited this desperation with marketing hype and journalist-approved hope.
Cryptocurrency is a threat to people’s livelihoods, an ugly, unfair casino built to extract resources from the bottom and deliver them to the top. Every little anecdote of an artist making money on NFTs is overshadowed by the many people that you can find in basically any cryptocurrency project’s Telegram that are terrified that the investment that they made thinking they’d “found the next Bitcoin” is potentially a dead end. Libertarianism does not exist to create balance - it exists to create discord that can then be exploited, and cryptocurrency is powerful, wretched proof.
I may seem alarmist, but it’s time to stop humoring this industry and regulate it into dust. Whatever theoretical benefits may exist with regards to decentralization are irrelevant to the tangible harm that cryptocurrency is causing, and I can’t even tell you what these theoretical benefits may be.
What I can tell you is the damage it does. What I can tell you is that people are losing what little they have at one of the worst times in history for wealth disparity, all while enriching people that are lying through their teeth about sharing their resources.
And it’s only going to get worse.
This line tho..."Cryptocurrency has grown from a nerdy libertarian doodad into a large collection of ticking timebombs where users surrender control of their finances to imperfect code,..." Wow.
I'm more than a bit skeptical about the "we've been hacked, we're victims too" defense that often comes up in these cases. It usually looks like either gross negligence or even an inside job.
There are probably a lot of desperate people who got caught up in this but I have limited sympathy for people who have thousands of dollar to spare (or are able to borrow it) and then put it into something as insanely stupid as this. How many have ignored all the warnings and called those who question this stuff haters and boomers and whatnot?