In recent news, the creators of Axie Infinity, the popular online game that allows users to earn real money as they play, confirmed one of the largest DeFi hacks in history. According to a recent report, Ronin Network, the company behind the back-end administration of Axie Infinity, informed users on Discord and Twitter that the company lost $615 million in USDC (a stablecoin pegged to the US dollar) and Ethereum.
More About the Axie Infinity Cryptohack
Evidently, the crypto hack was first discovered on March 29, 2022, after a user was unable to withdraw 5,000 Ethereum from the bridge. However, the attack actually took place back on March 23, 2022, when the “attacker used hacked private keys in order to forge fake withdrawals.”
Many cryptocurrency holders own assets across multiple blockchain ecosystems. Thus, to facilitate the transfer of assets into and out of the game, Axie Infinity used the Ronin Bridge to connect Axie Infinity to other blockchains. This way, users could deposit Ethereum or USDC into their account. Once a user’s account is funded, they can then purchase in-game non-fungible tokens or in-game currency. As the users play the game and increase the value of their in-game assets, they can then sell them and withdraw the proceeds.
The creator of Axie Infinity, Sky Mavis, has announced that it intends to recover or reimburse users for their losses. However, as of right now, users are still unable to withdraw or deposit funds.
Do Victims Have a Remedy?
Both cryptocurrency and decentralized finance are relatively new concepts. However, existing consumer protection laws provide a way for users to pursue a legal claim against the responsible parties in hopes of obtaining the money they lost in a hack. That said, US consumer protection laws were not written with cryptocurrency of DeFi in mind. In fact, one of the main premises of the DeFi movement is that it is unregulated. While this results in lower transaction costs and more freedom of movement for assets, it also makes recovering lost assets in a cryptohack challenging.
For example, one of the issues facing victims of crypto theft is identifying who is responsible. While the party orchestrating the attack is certainly at fault, locating them may be challenging. And even if they can be identified and located, there is no guarantee that they will have the assets necessary to reimburse users. However, hackers are not the only potentially liable to party in the case of crypto theft; online trading apps, dapps (decentralized finance apps), game developers and others may be liable for losses resulting from system vulnerabilities.
In theory, these parties all operate above-board and are registered with the state government where they operate. However, it can still be challenging to determine all the parties that have been negligent leading up to a crypto hack. Adding to these challenges is the fact that when a hacker carries out a cyberattack targeting cryptocurrency, it is generally very challenging for the hacked platform to determine what exactly happened. This can leave users with more questions than answers.
Cryptotheft is illegal, yet because of the new, decentralized and unregulated nature of this environment, it appears that the rate of cryptotheft will only continue to increase. The important takeaway is that there are legal remedies for the victims of cryptohacks. These remedies may allow for aggrieved investors to recover the value of stolen cryptoassets and obtain other damages related to their losses. An experienced cryptotheft lawyer can determine the most appropriate remedy for an individual investor and can advise them on how to pursue their claim.