Blockchain Hacks and Axie Infinity

Indochine Counsel

27th June 2022
This post discusses the cybersecurity element of blockchain, particularly the hack of Axie Infinity in March that netted the hackers over 600million USD in then current value. But how was Axie Infinity hacked when blockchain is supposed to be a secure method for storing interactions?

As I mentioned a couple of weeks ago, I thought I would dig into the cybersecurity element of blockchain. The big deal here, obviously, being the hack of Axie Infinity in March that netted the hackers over 600million USD in then current value. But how was Axie Infinity hacked when blockchain is supposed to be a secure method for storing interactions? 

There are a few ways that a blockchain can be hacked. To understand how, I first have to explain the nodes in a blockchain. These nodes reproduce whenever a new device is added to the blockchain and contain smart contracts which allow for the blockchain to confirm whether a new transaction meets the criteria of legitimacy needed to be added to the blockchain. In order for a new transaction to be added a majority of the nodes must agree to the addition. This gives rise to 51% attacks. 

A 51% attack occurs when a hacker takes control of a majority of the nodes and creates a forked branch of the blockchain that can be controlled by the hackers. This is most likely to happen for new or small blockchains and was not the method used by the hackers of Axie Infinity. 

Another method that hackers can use to access blockchains is through a traditional pushing exercise in which they convince a user to click on a malicious link and thus steal the login details of that users crypto-wallet. The wallet is the most vulnerable aspect of crypto currency as it exists as a linked digital space outside the blockchain and is subject to the same vulnerabilities that a traditional stock portfolio would experience.  

The third method is attacking a weakness in the smart contracts that govern activity on the blockchain. This is how the hackers managed to break into Axie Infinity’s blockchain holdings. By manipulating a weakness on the Ronin Bridge sidechain that was developed by Sky Mavis exclusively to operate Axie Infinity on the Ethereum blockchain. A sidechain is essentially an authorized fork that allows a different smart contract to control the sidechain than the ones used on the main chain. 

The weakness specifically allowed the hackers to access validation nodes in the sidechain that allowed them to imitate legitimate transactions in their own favor.  

According to techtarget.com the value of the theft was 620 million USD worth of Ethereum and US Coin. Despite this amount, the actual value of the theft has dropped considerably as a result of recent losses in cryptocurrency value. 

Soon after the theft was announced, the USA Federal Bureau of Investigation announced that the hack was instigated by APT38 and the Lazarus Group, both state sponsored hacking units based in North Korea. According to the same article, North Korea utilizes the hacking activities of these and other groups to further their missile and nuclear activities. North Korea has reached a level of sophistication to rank it with Russia, Iran, and China as the four biggest state sponsored hacking activists.  

But for a country like Vietnam, which consistently ranks at the top of cryptocurrency and NFT adoption surveys, how can they protect those interests from the likes of the Lazarus Group and other nation-state hackers? 

Unfortunately, aside from adopting basic cybersecurity procedures to protect crypto wallets, there is little an average crypto user can do. It is worth noting that two multi-million dollar heists in the last two years resulted from a hacked crypto-wallet password. It is also worth noting that the majority of North Korea’s hacking activities take the form of targeted phishing. That means that separating your wallet from your internet access could be a useful prevention, as is developing the habit of not clicking on suspicious links or on links from strangers.  

While I am nor a cybersecurity specialist, I do understand that hackers operating in the big four countries are all but immune to legal consequences as they are protected by their governments. Even if it were possible to bring one of these hackers to justice, the problem of jurisdiction remains. Neither Russia nor China I’d likely to deport a hacker who works to fund their state activities to a third country to face criminal charges.  

And the likelihood of the situation improving remains minimal. Without any international framework to govern blockchain and cryptocurrency, and with the fact that most cryptocurrencies are decentralized and do not have an actual legal entity behind them, there is nothing that can be done to retrieve stolen funds. Thus, the importance of preventative measures rises to the forefront and researching crypto wallets and exchanges before buying or storing funds of any kind is strongly suggested. 

Please Login or Register for Free now to view all updates and articles

 Login  Sign Up

In addition to free-to-view updates and articles, you can also subscribe to the full Legal Centrix Vietnam Service including access to:

  • Overview notes on the law
  • Thousands of high quality translations of legislation covering all key business areas
  • Legal and tax updates
  • Articles on important legal and tax issues
  • Weekly email alerts
  • Sophisticated web platform and search

Legal Centrix is trusted by top law and accounting firms.

Indochine Counsel

Established in October 2006, Indochine Counsel is a leading commercial law firm in Vietnam. Offering services throughout Vietnam, Indochine Counsel is ideally positioned to assist international investors and foreign firms to navigate the legal landscape in one of Asia's most dynamic and exciting countries. We also take pride in our services offered to domestic clients in searching for opportunities abroad. With over 45 lawyers and staff in two offices, Ho Chi Minh City and Hanoi, Indochine Counsel offers expertise in a dozen practice areas and provides assistance throughout the entire life cycle of your business.

Based on the principles of Excellence, Professionalism and Ethical Lawyering, Indochine Counsel strives to give clients quality service in a timely manner. Our lawyers have been trained all over the globe and have experience with both local and international law firms. Indochine Counsel takes pride in its people and works hard to ensure that they have the support and training necessary to work at the peak of excellence.

Indochine Counsel’s objective is to provide quality legal services and add value to clients through effective customized legal solutions that work specifically for the client. The firm represents local, regional and international clients in a broad range of matters including transactional work and cross-border transactions. The firm’s clients are diverse, ranging from multinational corporations, foreign investors, banks and financial institutions, securities firms, funds and asset management companies, international organizations, law firms to private companies, SMEs and start-up firms.

Click here to view the author's profile

Author

Tags

  • Vietnam
  • Credit, Payment & Fintech Providers
  • Internet & Social Media
  • Legal Updates
  • Information Technology

Related Content

  • No related content

Recent updates

Cookies On
Our Website
We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please click here to view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

 

A leading provider of legal and tax know-how and information for Asia.

Useful Links

Contact Us

Hong Kong, China
Tel: +852 3001 8810
support@legalcentrix.com

Copyright © 1997 - 2024 Legal Centrix. All Rights Reserved Privacy Policy | Terms of Use

Some text to show in popup