Sky Mavis, the company behind popular play-to-earn game Axie Infinity, has said it will reimburse players after hackers stole more than US$600 million from the Ronin blockchain it’s built on.

Just a recap on the exploit first, though…

This week, it’s been revealed that a hacker or hackers have perpetrated what’s being called the largest exploit in DeFi history. It’s certainly the biggest GameFi-related hack so far. Reports vary, but some actually have the stolen-funds figure at closer to US$625 million.

Whoever the attacker was, they were able to find a back entrance into a Ronin node – through a critical blockchain bridge. Ronin (ticker: RON) is an Ethereum-linked “sidechain” developed by Axie Infinity creator Sky Mavis.

The attackers then used hacked private keys to create the withdrawals, draining 173,600 ETH and US$25.5 million in USDC.

A blockchain bridge, by the way, allows holders of assets on one blockchain to swap out their tokens for equivalent assets on other chains. Useful, certainly, but they have their critics, including Ethereum founder Vitalik Buterin, who recently pointed to their security vulnerabilities, adding that “the future will be multi-chain, but it will not be cross-chain”.

At the time of writing, the Axie Infinity governance token (AXS) is holding up remarkably well in the wake of the exploit. It’s currently up 1% over the past 24 hours, and even +14% over the past seven days.

Axie’s in-game currency, Smooth Love Potion (SLP) has recovered 3.6% over the past day, however, it’s still down about 6% on the weekly timeframe.

The Ronin blockchain’s native token RON, has been the hardest-hit Axie-related token and is down about 11% over the past week.


Sky Mavis’s pledge to recover and reimburse

Amid what Sky Mavis Chief Operating Officer Aleksander Leonard Larsen has described as “an intense 36 hours”, the company has confirmed to Bloomberg it will be reimbursing affected Axie Infinity users.

“We are fully committed to reimbursing our players as soon as possible,” wrote Larsen to Bloomberg via text message. “We’re still working on a solution, that is an ongoing discussion.”

Larsen also wrote in a Twitter thread that Sky Mavis is conducting a “deep forensics review to ensure there is no lingering threat”, adding:

“This was a social engineering attack combined with a human error from December 2021. @SkyMavisHQ tech is solid and we will be adding several new validators to @Ronin_Network shortly to further decentralize the network.”


Meanwhile, Axie Infinity is moving ahead with its big battle/gameplay upgrade it’s dubbed Axie Infinity: Origin. It’s kicking of a week of events and, er, “leeks” from April 7. Trailer further below…