Web3. The future of the internet. The spine of a new world where decentralized apps and tokenomics lead the way. In the hullaballoo of major companies trying to scramble their way to the top of this new virtual world, are the consumers’ interests of greater privacy and security safeguarded? Or do the people have to bow to unethical economical practices even in a practically made-up world?
A recent debacle involving hackers breaking into Axie Infinity, an NFT-based online game where players can play and earn in ETH, left members of the VR world in disarray. They hacked into the game’s Ethereum blockchain and robbed approximately $500 to $600 million. This makes us wonder, if this so-called guarantee that blockchain-based economies shield consumers’ assets to a greater degree than ever known before is no more real than the world it is built upon?
As hackers broke into Axie Infinity’s Ronin bridge to get into the blockchain, we get to know that the now-compromised game did not have a strong defense to begin with. With many players losing so much of their money in this, apparently it gets even more infuriating to know that the hackers needed to bust only 5 of the 9 required validating accounts to get to the blockchain. Coupled with the fact that it only took these hackers a negligible amount of time to shatter the financial stronghold of this extremely popular game with currently 8.3 million players – it is no less than a travesty what Web3 members have to go through. Just because of a lack of an appropriate security infrastructure.
Any such theft in the real world will have brutal consequences to safeguard the people involved and their assets. But in Web3, not only does the identity of such hackers become very difficult to determine, but the fact that such a large scale theft even took place would not come to attention. This is also what happened with Axie Infinity, where the team behind the play-to-earn game took 6 days to be aware of the fact that it had been plundered. That is nearly a week after the incident took place which was followed by a bleary consolation to the pillaged players, as can be seen in the tweet below.
It’s a hard day. We will keep building. Thanks to those that have reached out and I’m sending love to all of you.
— The Jiho.eth 🦇🔊 (@Jihoz_Axie) March 29, 2022
It is no longer a surprise that Web3 projects come with a lot questionable information security practices. This leads to similar invites to hacker groups who ransack blockchain bridges, all thanks to weak financial defenses and even weaker engineering flaws. As the number of play-to-earn games rise in the virtual world, placing cryptocurrency at the center of its economy – there is an emergent need to recognize the importance of a sturdy framework to regulate and protect asset consumption.
Similar incidents have occurred at Wormhole, where about $320 million were stolen from its Solana blockchain; nearly $600 million ravaged from Poly Network and about $28 million taken from Cashio. These security horrors only reiterate the fact that virtual consumers need to be looking out for their own safety and while everyone wants to rapidly get on the Web3 bandwagon – we simply cannot deny the immediate need of a governing structure to help protect players’ digital assets and penalize those who disrupt the economy.
Web3 security failures are now becoming an alarming norm. It is true that decentralized apps require more sophisticated security frameworks, but so does the need for accountability. This large responsibility needs to be regulated properly before every other Web3 startup starts losing its credibility as well.
