Crypto gaming giant Axie Infinity, which raised last year at a $3 billion valuation from a16z, was already having a catastrophic week. It just didn’t know about it until this morning.
The popular play-to-earn title’s Ethereum-linked Ronin sidechain was exploited for 173,600 ether, or about $597 million, and $25.5 million worth of the stablecoin USDC. Bizarrely, the exploit occurred six days ago on March 23, but was not discovered until March 29, Ronin developers shared in a post.
This hack totals almost $625 million at current value, making it the largest decentralized finance hack to date, according to the DeFiYield REKT database, which tracks DeFi scams, hacks and exploits. This exploit surpassed the previous largest exploit in September 2021 of $602 million on Poly Network.
Ronin was made specifically as a sidechain to support Axie Infinity. Axie Infinity is one of the most well-known Ethereum-compatible play-to-earn games and saw extreme growth in 2021. It originally anticipated an “aggressive target” of 250,000 users by the end of last year, but surpassed the target by 1,000% with a community of about 2.9 million users.
The hack occurred across two transactions, one for the ether and the other for the USDC, according to Etherscan on-chain data. The attacker used hacked private keys to forge fake withdrawals, they wrote. “We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.”
The team stated it is working with “various government agencies to ensure the criminals get brought to justice.”
The ether and USDC deposits on Ronin were drained from the bridge contract, but the network is working with stakeholders from Axie Infinity and its parent company Sky Mavis to determine the best move forward so no user funds are permanently lost, it said. “All of the AXS, RON and SLP [tokens] on Ronin are safe right now.”
Sky Mavis was not available for additional comment requested by TechCrunch.