Axie hack: Youbi CEO says Sky Mavis’ only focus was profit
03:28, 5 April 2022
Cryptocurrency developers must be more open about their projects in the wake of the $625.5m Axie Infinity hack and billions of dollars in NFT scams, says the CEO of Youbi Capital.
“Sky Mavis just didn’t care too much about safety as long as they were making money. They are just concerned about this high profit from the game,” Chen Li, CEO of New York-based Youbi Capital, told Capital.com.
Li says that more projects require investigation from investors after skyrocketing NFT demand sparked a significant growth in illicit activity including hacks and scams over the past year.
Youbi is a New York-based cryptocurrency venture capital company. Li has called for more regulation of crypto assets.
Last week, Sky Mavis, the company that developed the Axie Infinity play-to-earn online game and the Ronin blockchain network behind it, reported that a hacker had stolen 173,600 ethereum (ETH) worth $300m in cash and $25.5m worth of USDC, which is pegged to the US dollar.
Li says:
When used correctly, blockchain levels the playing field for all involved. Some recent projects are more interested in hype than utility.
These projects will not last and users must be wary of outfits that focus 90% on marketing and 10% on development.
Future-forward projects must build their product around what made blockchain groundbreaking in the first place.
Ronin facilitates crypto trades
Axie Infinity players buy, accumulate, and sell NFTs known as Axies via the Ronin network. Both Axie Infinity and Ronin are operated by Sky Mavis. According to Sky Mavis, the hacks were discovered six days after they occurred.
“That’s exactly why we need more transparency in the (crypto) space,” said Li. “From the technical perspective, the hacker was able to access the private key of the (transaction) validators within the Sky Mavis team.
“But at the same time, he was able to sign on behalf of Axie (decentralised autonomous association). So what happened was that the Axie DAO delegated signing to the Axie Mavis team at the end of last year to sign lots of transactions to allow a lot more players to join the ecosystem.
“Basically, the Sky Mavis team alone was able to authorise, maintain, and withdraw from the bridge, which is a very significant risk.”
Bridges move assets across blockchains
Li explained that bridges are data channels that move billions of dollars worth of crypto assets across blockchains.
Before transactions are completed, assets have to be validated by passing through a series of computer servers known as nodes. In the case of Axie Infinity, assets were moved on Ethereum.
Sky Mavis has frozen trades on the Ronin network. But on Monday, the company said in its ongoing blog post about the hack that Binance has resumed withdrawals of Axie Infinity Shards (AXS) and Smooth Love Potion (SLP) tokens.
Security increased after hack
When Ronin resumes operations, Sky Mavis said, Axie Infinity transactions will need to be validated by eight of nine nodes – up from five of nine before the hack.
But Li said the hack could have been prevented if the company had boosted its security threshold earlier.
In its blog post, Sky Mavis identified a digital wallet that allegedly holds the stolen assets. Sky Mavis said in the blog post that four of the company’s validator private keys were hacked along with one Axie DAO validator.
According to Sky Mavis, the hack traced back to November 2021 when the Axie DAO was allowed to distribute free transactions to accommodate a surge in Axie Infinity users.
The free transactions were discontinued in December, but the hacker was still able to access the Axie DAO validator, said Sky Mavis. While a temporary security reduction to allow for more users would have been understandable, the public should have been notified, said Li.
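The signing arrangement described above, as an added example that is not Sky Mavis's or Ronin's code: it counts how many distinct parties must be compromised to meet the bridge threshold once delegated signing is taken into account. The validator names, the four `operator-N` placeholders and the assumption that Sky Mavis runs exactly four validators are constructed for illustration.

```python
from itertools import combinations

def validator_set(dao_delegate):
    """Nine validators as name -> (operator, delegate-or-None).
    Four Sky Mavis keys and one Axie DAO key follow the article;
    the other four operators are constructed placeholders."""
    v = {f"sky-mavis-{i}": ("Sky Mavis", None) for i in range(1, 5)}
    v["axie-dao"] = ("Axie DAO", dao_delegate)
    v.update({f"other-{i}": (f"operator-{i}", None) for i in range(1, 5)})
    return v

def effective_control(validators):
    """Map each party to every validator it can sign for: the keys it
    operates plus any key whose owner delegated signing to it."""
    control = {}
    for name, (operator, delegate) in validators.items():
        for party in {operator, delegate} - {None}:
            control.setdefault(party, set()).add(name)
    return control

def min_parties_to_reach(validators, threshold):
    """Smallest group of parties whose combined signatures meet the
    threshold (brute force, fine for a set of nine validators)."""
    control = effective_control(validators)
    for k in range(1, len(control) + 1):
        for group in combinations(sorted(control), k):
            signable = set().union(*(control[p] for p in group))
            if len(signable) >= threshold:
                return k, group
    return None, ()

if __name__ == "__main__":
    scenarios = [
        ("5 of 9, DAO delegation still active", "Sky Mavis", 5),
        ("5 of 9, DAO delegation revoked", None, 5),
        ("8 of 9, DAO delegation still active", "Sky Mavis", 8),
    ]
    for label, delegate, threshold in scenarios:
        k, group = min_parties_to_reach(validator_set(delegate), threshold)
        flag = "SINGLE POINT OF FAILURE" if k == 1 else "ok"
        print(f"{label}: {k} party(ies) needed {group} -> {flag}")
```

A result of one party means a single compromised organisation can authorise withdrawals, whatever the nominal validator count suggests.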
Company wasn’t transparent, says Li
“They took this shortcut, but they didn’t let the public know about it,” said Li. “They weren’t transparent about it.
“Sky Mavis said the hack occurred on 23 March but was not noticed until 29 March, when a user was unable to withdraw ETH5,000. While the company might not have known about the hack for several days, it should have been closely monitoring asset balances on both sides of the bridge,” said Li.
“I don’t think they did a very good job there,” he said.
Rug pulls rise
“Trust has been more and more important,” he said. “When we started to enter the bull market two years ago in 2020, statistically, we (hadn’t) seen a lot of these fraudulent projects or scams in 2020 because the market was down. But as the market started to go up, we saw a significant growth in these kinds of scams because the market has been overwhelmed by the demand for opportunities to make 10 times or 100 times return from apes – blind investments.
“So there has been demand for these kinds of projects that have no transparency. It’s extremely centralised and that was why we saw a significant increase (in amounts) lost due to rug pulls or just scams in 2021.”
Rug pulls refer to illicit moves in which non-fungible token (NFT) developers promise large long-term returns on investments but liquidate their clients’ tokens or obtain assets through other scams. Li pointed to the Squid Game NFT rug pull in which customers lost millions of dollars last fall. After the coin’s value soared, investors were unable to sell and Squid Game, which operated a game that awarded NFTs on a play-to-earn basis, subsequently shut down.
“So the investors who are holding the token or have added liquidity are left with nothing,” said Li.
Some minters disappear
He noted that many online game developers seek investments in, and mint, NFTs months before launching the related games. But in some cases, the minters disappear or launch play-to-earn games that are significantly below investors’ expectations.
The technology is not the problem, said Li, because by nature the blockchain that underpins NFTs is trustless – based on data – and, therefore, decentralised and free of wrongdoing. But the recent NFT growth has created a “concentration of power” or centralisation that has led to more rug pulls and other scams.
Centralisation can be a good thing for startups involved in early-stage projects because companies need some flexibility to adapt and understand the tokenomics – the design of an NFT farming plan. But Li said NFT developers should be treated like public companies as soon as they start to onboard users.
“They should be held accountable in terms of their behaviour, in terms of everything they’re doing,” he said. “They need to be transparent with the community.”
More regulations will help improve transparency, said Li, who hopes that new technologies will enable transactions to verify themselves. Generally, traders will “just have to be very careful” and look for more transparency from NFT developers and other crypto companies.
Blockchain can prevent fraud
Some NFT developers, like Solana and Avalanche, have made mistakes with high-profile projects, received “humongous backlash from the community” and their token prices suffered. But they regained trust by adopting transparency reports that helped investors see how tokens are allocated, moved and used.
“The projects that are focussed on the long term, they could have some flexibility at the beginning,” said Li. “But as soon as they launch tokens, they need to be fully transparent.”
Investment communities need to see how tokens are allocated, he added. Investors do not want to see whales – large investors – dump their tokens and drastically reduce the price.
“They want to see who those (investor online) addresses belong to and what’s their vesting schedule,” said Li.
Retail investors need transparency
Transparency is especially important for retail investors because they might not have the luxury of diversifying their investment portfolios.
“Some (retail investors) have the tendency to go all into one or two projects, so they might be bankrupt if they are hurt by this asymmetrical information on both sides,” said Li.
But Alex Felix, managing partner and chief investment officer at cryptocurrency venture capital company CoinFund, believes the blockchain can help prevent fraud and provide more benefit to NFT creators than traditional systems do.
“My approach to that has been largely that fraud has existed in the traditional (i.e. physical) world to a degree that is very tangible,” said Felix, whose firm backs a number of NFT developers.
“I don’t know if all the autographed (sports trading) cards I bought from my local dealer were truly authentic or not. So I actually think you get improvements in market structure here.”
Artists, sports teams, and other NFT creators will be able to structure in royalties every time that a token changes hands and verify author revenue rights, and the business model will usher in better ways of preventing fraud and abuse.
“I think there’s going to be some creators that go out there and are nefarious, where they’re going to do something – create more potential or opportunity from a collectible and don’t,” said Felix. “That’s the same with startups. It’s investment and it’s all about execution. I do think that, over time, the good cream rises to the top.”
Car-buying approach necessary
Investors should approach a potential NFT purchase like buying a car, said Noah Kline, CEO of Wincast, which will enable sports fans to purchase NFTs from live-streamed sporting events, starting this summer.
“You know you’re not going to go out and buy a car sight unseen,” he said. “You’re going to want to talk to the dealer. You’re going to want to look at the history. So that way, you know you’re making a proper purchase and you know you have more confidence in your decisions.”
Many frauds will continue, so investors need to research NFT development teams, their partnerships, and their track records, he added. NFT investors also need to be realistic about potential investment returns.
“Hoping to make $100m on a collection is foolhardy in most cases,” said Kline.