E-games $615 million ‘external breach’ robbery

Blockchain project Ronin, behind popular online game Axie Infinity, said on Friday it had made progress in investigating a cyber heist that compromised $615 million in virtual assets, citing a “external breach”.

This follows a warning from the Bangko Sentral ng Pilipinas to the public regarding the risks of non-fungible tokens (NFTs) following the reported theft of a digital ledger used by Axie Infinity players.

Around 35% of Axie Infinity’s traffic comes from the Philippines, which is the largest share of its 2.5 million daily assets
Bridget Rose Mesina-Romero, deputy director of the BSP Payments System Oversight Department, called on the public to be cautious about gambling games to win, noting the risks that come with them.

“We reminded the public that they must be aware of how these games work, of the risks involved, and that they must, for example, know how they can have recourse or recourse,” she said during of a virtual briefing on Thursday.

“They should only invest funds that they are willing to lose due to risk,” Mesina-Romero added.

Investigators are hot on the trail of the hackers, monitoring the cash as it moves through a system critics call the Wild West of finance. They’re playing catch-up: The game company that got scammed apparently didn’t even notice for six days.

But the Ronin network revealed to users that on March 23, hackers dumped $615 million worth of Ethereum and USDC cryptocurrencies, in one of the biggest thefts ever in the world of cryptography.

Ronin was developed by Vietnam-based Sky Mavis to meet the cryptocurrency exchange needs of Axie Infinity gamers, a significant portion of whom are Filipinos.

“While investigations are ongoing, at this point we are certain this was an external breach. All evidence points to this attack being social engineering rather than a technical fault,” the statement said. company in a newsletter.

Examples of social engineering attacks include smishing or phishing, where cybercriminals rely on manipulation and human emotion to persuade victims to provide information or access networks such as Ronin.

Although this seems to imply that the attack was not the result of system design flaws, the Ronin network is still committed to improving security.

“We are committed to ensuring that any funds drained are recovered or refunded, and we are continuing conversations with our stakeholders to determine the best course of action,” he said in a statement.

The hack is one of the biggest to hit the crypto world, raising huge questions about security in an industry that has only recently entered the mainstream thanks to celebrity endorsements and promises. of incalculable wealth.

Axie Infinity maker Sky Mavis said it was made aware of the security breach on Tuesday, after Ronin said hackers gained access to private keys to withdraw digital funds.

The company said it would recover or refund the funds, easing player anxiety, especially in the Philippines where hundreds of thousands of people play Axie Infinity.

The BSP said earlier that it is monitoring transactions involving Axie Infinity’s Small Love Potions (SLPs), which users can cash in or use to raise new Axies or digital pets. The central bank has previously noted that SLPs are excluded from its scope under the guidelines for virtual assets.

Service providers, as its regulatory purpose is the exchange of fiat currency for virtual assets.

Sky Mavis is not registered as a payment systems operator, and the BSP said it is coordinating with other regulators to determine whether the company should fall into such a category.

“Since it is a digital domain, it creates a borderless zone where fraudsters can really enter and perform illicit activities, so the public should practice cyber hygiene to protect your personal data and your identity,” Romero said.

Shirlene J. Manley