Players of a particularly popular video game in Asia have seen their cryptocurrencies disappear. This is one of the most important virtual currency frauds carried out since the beginning of the phenomenon.
Asian players are furious. 600 million dollars have been stolen from the video game Axie Infinity, whose particularly speculative plot is based on the breeding and resale of small creatures called the Axies. Financial transactions that are done in cryptocurrency, based on the Ethereum blockchain, the best known after that of bitcoin.
” As part of this attack, what the hacker did was divert money by validating a form of financial transfer, impersonating the people who had the right to do so “Explains Gérôme Billois, cybersecurity expert for Wavestone. “ These are types of fraud that we see in the accounting departments of companies, where it takes 1, 2 or 3 people to sign a transfer order. »
The Vietnamese group Sky Mavis, which publishes the game and which uses a so-called blockchain lateral to the Ethereum cryptocurrency, allowing it to run its own internal transaction system without resorting to it for each of them, promised that it will recover the stolen funds.
►Also read : Chainalysis: 2021, record year for cryptocurrency thefts by North Koreans
The hack, discovered only after six days by Sky Mavis, is one of the biggest cyberattacks involving cryptocurrencies. It comes weeks after a previous hack of the Wormhole platform, also linked to cryptocurrencies, which saw $320 million disappear into thin air.
“ We see more and more piracy in the field of cryptocurrencies, says Roman Bieda of Coinfirm, a company specializing in blockchain security. But Sky Mavis showed a ” huge deficiency by taking so long to detect fraud, he added
On the trail of the 600 million dollars
Chainalysis, the specialist in blockchain analysis, and Ellptic, another specialized company, are helping Sky Mavis try to reconstruct the path taken by the lost money.
” Electronic currencies, by definition, for the most part, are currencies that are anonymous, but where it is easy to trace transactions. If the cybercriminal wants to turn this e-money into cold hard cash so he can profit from it, that’s when he can get caught. “says Gérôme Billois.
Hackers have many techniques at their disposal to cover their tracks and convert their fraudulent assets into traditional currencies. They can therefore use the mixing “, which consists of mixing fraudulent transactions with legitimate transactions to make tracing very difficult, but can also use cryptocurrency exchanges that are not too careful about the origin of the funds, or use platforms located in Korea of the North or in Russia.
For Roman Bieda, thieves and defenders of blockchain integrity are engaged in a ” permanent battle “. ” Cryptocurrencies are more and more widespread, there are more and more protocols and solutions, but the desire to reduce the cost of transactions, and to make profits sometimes pushes the industry to forget about security »he points out.