Investigators are on the trail of hackers who spirited away more than US$600 million in cryptocurrency last week, watching the money as it moves around a system that critics call the Wild West of finance.
But they are playing catch-up: the gaming company that got scammed apparently did not even notice for six days.
The hack is one of the biggest to hit the crypto world, raising huge questions about security in an industry that only recently burst into the mainstream thanks to celebrity promotions and promises of untold wealth.
Photo: REUTERS
The sector has been beset by scams and hacks.
This week’s theft from the makers of Axie Infinity, a game where players can earn crypto through game play or trading their avatars, came just weeks after thieves made off with around US$320 million in a similar attack.
“We are seeing more hacks because there is more money in blockchain,” said Roman Bieda of Coinfirm, a crypto security company, referring to the technology that underpins cryptocurrencies.
Photo: Bloomberg
The industry should have learned the lessons from previous attacks but security was still being sacrificed for profit, he added, labelling Axie’s failure to notice the hack a “huge deficiency.”
REFUNDS PROMISED
The Axie Infinity attackers exploited weaknesses in the set-up put in place by the Vietnam-based firm behind the game, Sky Mavis.
The company had to solve a problem: the ethereum blockchain, where transactions in the ether cryptocurrency are logged, is relatively slow and expensive to use.
To allow Axie Infinity players to buy and sell at speed, the firm created an in-game currency and a sidechain with a bridge to the main ethereum blockchain.
The result was faster and cheaper — but ultimately less secure.
Hackers were able to take over the sidechain and empty its coffers apparently without anyone realizing, something experts say would be all but impossible on the ethereum blockchain.
The firm said it would recover or reimburse the funds, easing the anxiety of gamers — particularly in the Philippines where hundreds of thousands play Axie Infinity.
“Some of the Philippine community right now are going crazy because of what happened,” said Dominic Lumabi, a gamer from Manila.
Some feared the game would close and money would be lost, he said, adding that he was relieved Sky Mavis was being transparent.
But the firm faces a tough challenge to get the money back.
‘CONSTANT BATTLE’
Security firms are monitoring the stolen money as it moves through various wallets, as accounts are called in the crypto-world.
Blockchain data platform Chainalysis is helping Sky Mavis track the money, and Elliptic said it was investigating and alerting its clients.
Bieda from Coinfirm said that sooner or later the perpetrators would be traced.
“The bigger the amount, the harder it is to hide,” he said.
But even though investigators can see where the money is, there are tricks the thieves can use.
They can employ software that mixes the stolen money with legitimate streams, use exchanges with lax rules, or move their funds to a jurisdiction with no rules at all such as North Korea or Russia.
Any of those moves makes it much easier to transfer the cryptocurrency into everyday, spendable cash.
It is a “constant battle” between the thieves and those trying to stop them, said Bieda.
“Adoption (of cryptocurrency) is growing, more protocols and more solutions are created, but the pursuit of cheap transactions and profit means the industry sometimes... forgets about security.”
It’s Aug. 8, Father’s Day in Taiwan. I asked a Chinese chatbot a simple question: “How is Father’s Day celebrated in Taiwan and China?” The answer was as ideological as it was unexpected. The AI said Taiwan is “a region” (地區) and “a province of China” (中國的省份). It then adopted the collective pronoun “we” to praise the holiday in the voice of the “Chinese government,” saying Father’s Day aligns with “core socialist values” of the “Chinese nation.” The chatbot was DeepSeek, the fastest growing app ever to reach 100 million users (in seven days!) and one of the world’s most advanced and
Has the Taiwan People’s Party (TPP) changed under the leadership of Huang Kuo-chang (黃國昌)? In tone and messaging, it obviously has, but this is largely driven by events over the past year. How much is surface noise, and how much is substance? How differently party founder Ko Wen-je (柯文哲) would have handled these events is impossible to determine because the biggest event was Ko’s own arrest on multiple corruption charges and being jailed incommunicado. To understand the similarities and differences that may be evolving in the Huang era, we must first understand Ko’s TPP. ELECTORAL STRATEGY The party’s strategy under Ko was
The latest edition of the Japan-Taiwan Fruit Festival took place in Kaohsiung on July 26 and 27. During the weekend, the dockside in front of the iconic Music Center was full of food stalls, and a stage welcomed performers. After the French-themed festival earlier in the summer, this is another example of Kaohsiung’s efforts to make the city more international. The event was originally initiated by the Japan-Taiwan Exchange Association in 2022. The goal was “to commemorate [the association’s] 50th anniversary and further strengthen the longstanding friendship between Japan and Taiwan,” says Kaohsiung Director-General of International Affairs Chang Yen-ching (張硯卿). “The first two editions
It was Christmas Eve 2024 and 19-year-old Chloe Cheung was lying in bed at home in Leeds when she found out the Chinese authorities had put a bounty on her head. As she scrolled through Instagram looking at festive songs, a stream of messages from old school friends started coming into her phone. Look at the news, they told her. Media outlets across east Asia were reporting that Cheung, who had just finished her A-levels, had been declared a threat to national security by officials in Hong Kong. There was an offer of HK$1m (NT$3.81 million) to anyone who could assist
RSS