Cryptonews DeFi News

Axie Infinity’s Ronin Hack Exposes Risks of Proof-of-Stake and Centralization – Analysts

Blockchain Crime Decentralization

DeFi Hack Huobi

Author

Fredrik Vold

Author

Fredrik Vold

Author Profile

Last updated:

October 19, 2023

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Medieval Knight with Arrow In Eye Slot – a popular meme. Source: knowyourmeme.com

The recent hack of Axie Infinity’s Ronin bridge reveals how proof-of-stake (PoS) chains still struggle with a fundamental flaw in their design, with speed and energy efficiency prioritized over security, an analyst at crypto exchange Huobi has said.

“This hack reflects the continuing challenges that blockchains and operators face in balancing user experience and security,” Huobi Research Institute head Flora Li said in a commentary on Wednesday, suggesting that the low number of nodes on the Ronin network was a fundamental problem.

Although Axie Infinity (AXS) developer Sky Mavis has “pledged to raise the number of required nodes to eight,” this is not enough, Li said. She argued that,

“It still doesn’t solve the fundamental problem of how proof-of-stake blockchains can keep transactions fast, user-friendly, and energy-efficient without compromising security.”

The analyst added that Ronin has taken “shortcuts to relieve network bottlenecks,” and said that cutting down the number of nodes on the network has made it “easier for hackers to exploit.”

The comments from Huobi’s Li came after news broke on Tuesday that the Ronin bridge, which is used to connect the Ronin network to other blockchains, had been drained by hackers for ETH 173,600 and USDC 25.5m, now worth some USD 615m.

Ronin is a sidechain to the Ethereum (ETH) blockchain developed specifically for Sky Mavis’ crypto-based play-to-earn game Axie Infinity.

Speaking on stage at the Los Angeles NFT Conference on Tuesday, Jeff Zirlin, the co-founder and growth lead at Sky Mavis, reiterated that the team is talking to law enforcement, and said some of the stolen tokens had already been sent to exchanges by the hackers.

Despite the funds already being on the move, Zirlin insisted that there’s a chance that the hackers can still be identified.

https://www.youtube.com/watch?v=6sTmC-5DGjU

Notably, the hacking incident was confirmed almost a week after it happened, and the Ronin team’s response to it was to halt the Ronin bridge and a related decentralized exchange (DEX).

As can be expected, this was quickly pointed out by some proof-of-stake critics on Twitter:

<oembed url=”https://twitter.com/hugohanoi/status/1508916011763847168[/embed]

Meanwhile, other industry players also hinted that a lack of focus on security and decentralization could be to blame for the attack.

EA Sports, a contributor to DeFi protocol Harvest Finance said in an emailed comment that Ronin is a sidechain secured by nine validators, while only “5 (+50%)” are needed to attack the network – “the attackers got access to the system that operates four of the nodes, and found a bug to access another node.”

They added that,

“This centralization of the validators made it much easier to compromise security and another example of why decentralization is critical.”

A similar concern was also shared by Kadan Stadelamn, chief technology officer of DeFi platform Komodo (KMD), who said the hack “shows why centralized cross-chain bridge solutions may threaten the adoption of cryptocurrencies.”

“Having only nine validators for the Ronin bridge, and four belonging to the same person, is concerning,” he said, adding that pooling all user funds into just one wallet address “is the exact definition of centralization.”

Meanwhile, Ryan Lewis, Technology Consultant at digital asset protection provider Coincover, said that the Ronin hack shows “the classic challenges of usability trumping security when these technologies are so young.”

“There is no doubt this will continue to be the case as the crypto industry matures but the stakes are extremely high and security can certainly not take a back seat,” he said in an emailed comment.

____

Learn more:
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– Digital Collectibles Marketplace VeVe Loses ‘Large Amount of Gems’ in an Exploit

– ApeCoin Smart Contract Exploited, ‘Well-Prepared Claimer’ Walks Away With USD 380K
– DeFiance Founder’s USD 1.76M Loss is a Lesson For NFT Investors

– Ethereum Staking Sees Accelerating Growth Ahead of Merge
– Ethereum Classic Jumps 54% In a Week, But History Shows That the Rally May Not Last