$600 Million in crypto…gone!

“Lookin’ for somethin’ to help me burn out bright
And I’m lookin’ for a complication
Lookin’ cause I’m tired of lyin'”

– Foo Fighters, Learn to Fly

In honor of Taylor Hawkins’ untimely passing, I am starting out with Foo Fighters lyrics, from one of their best songs, which ties into our crypto post.

All over the news is a recent $600m theft of crypto assets from Axie Infinity, including:

  • https://www.nbcnews.com/tech/tech-news/axie-infinity-crypto-hack-what-to-know-rcna22178
  • https://finance.yahoo.com/news/hackers-steal-615-million-in-crypto-194522160.html
  • https://www.nbcnews.com/tech/tech-news/hackers-steal-600-million-maker-axie-infinity-rcna22031

Whenever a crypto company announces a hack, it almost cues up the talking heads, who go on various news programs and regurgitate the same basic points about crypto not being secure, or not ready for prime time, or generally associated with a scammy part of the world.

Certainly, some of this is warranted and fair.  As companies grow and increase their security, you would expect them not to have these types of problems.  It is unthinkable that other types of institutions, such as banks or asset managers, would simply lose this quantity of money.  And in fact, this is by design.  Most banks and financial institutions operate in a world where they have various levels of risk controls.  If you try to take out $30 from a bank, no problem.  But go try to take out $50m and see what happens.  (This of course assumes that you’re fortunate enough to have that level of money in your account!)

When crypto losses like this happen, it’s usually the result of two basic factors, though the details vary considerably each time:

  • Immature companies, growing fast with limited controls
  • A technology that allows for instantaneous, final transactions with simply a long key (often expressed as a seed phrase or password protected wallet)

The collision of these two factors can be catastrophic.  In human worlds, when a company is growing, there is a focus to grow at all costs.  In fact, there is a good YC article to read that discusses why this is the lifeblood of a start-up, and should be their focus: http://www.paulgraham.com/growth.html

Notice how this article explicitly does not talk about risk controls, audits or compliance.  This is intentional.  In fact, most VCs and entrepreneurs would argue that one of their strengths is that they JFDI and don’t need multiple authorizations or time periods to pass for transactions to become valid.  They brag, often as they should, that while others were thinking about something, they just did it.  And then, did it again.

So back to this hack.  Axie Infinity is the hottest crypto game, and undoubtedly one of the hottest Metaverse properties.  It uses crypto-technologies to create an actually fun game, which has millions of users.  Almost no one else has done this, and many have tried — simply look at the number of NFTs being sold for a game which has not yet launched, and is pretty lame when it does.

Axie Infinity was valued at $3B in a fundraising round over a year ago and is certainly in grow, grow, grow mode.  Any restrictions on being able to transact, or access its tokens, will slow the growth and introduce headaches.  While they probably put something in place, the real world often meets the process, and process loses.  Perhaps someone has to approve transactions and robotically approves 100s per day.  Perhaps someone called and pretended to be the CEO and ‘urgently’ needed a release.  Perhaps someone internally found a seed phrase and shared it.  Perhaps it was something else.

Crypto has always been a bit of a double-edged sword.  One of its biggest advantages, being final and needing only a key to transact, also leads to it being easily and permanently stolen.  Topics such as private key management get very little attention and are poorly understood in principle, even by the biggest proponents.  And, when this happens, bad things can happen.

I expect that technology will ultimately solve this problem, as it has in other financial industries.  Improvements in wallet technologies are making such hacks harder, and will adopt a more bank-like system, especially when used by enterprises like Axie Infinity.  The vanguard will always suffer various challenges, but this is all solvable, and it will happen over time.

But, this is also a reminder to keep your private keys/seed phrases secure and look at the wallets that you’re using!