How do you steal $625 million? In the case of the Ronin Network, a cross-chain bridge that lets people make payments on one blockchain using cryptocurrency from another, you hack five passwords.
If that seems a bit light on the security front, welcome to crypto, where $14 billion was stolen, hacked and scammed last year.
But the Ronin Network hack showed a far bigger problem that crypto may have to confront as more and more money gets poured into decentralized finance (DeFi) projects: If your morals are elastic enough, sometimes crime pays very, very well — and $625 million will rubberize a lot of people’s morals.
This problem is one that the payments industry will have to pay attention to, as it goes to the heart of the technology permitting blockchain transactions to scale to the point where they can compete with credit card networks and other payments rails.
“This hack reflects the continuing challenges that blockchains and operators face in balancing user experience and security,” said Flora Li, head of the Huobi cryptocurrency exchange’s Research Institute.
Ronin Network is the blockchain underlying Axie Infinity, far and away the top blockchain-based massively multiplayer online (MMO) game, for the convenience of its eight million-plus players.
The problem, Li explained, is that as the game “exploded in popularity and saw a rapid influx in users on the Ronin blockchain,” and the developers “took shortcuts to relieve network bottlenecks, cutting down the number of nodes that needed to be validated for transactions [to be added to the blockchain] to just five of nine nodes, making it easier for hackers to exploit.”
That’s the dirty little secret of crypto, which likes to tout the immutability of the permanent and unchangeable blockchain. While that’s not wrong, what it doesn’t say is that current and recent transactions aren’t nearly as secure.
And even worse, taking control of a blockchain project allows you to rewrite its rules — which is apparently what happened to the Ronin Network.
The blockchain technology in question is called proof-of-stake, or PoS, and it’s the consensus mechanism used to secure virtually all DeFi projects — and really all crypto projects — in the past couple of years.
You can get into the details using the link above, but the core point is that PoS is what lets new blockchains avoid the energy-intensive, pollution-belching mining that powers Bitcoin.
PoS replaces Bitcoin’s miners, who compete to validate transactions, add them to the blockchain and collect a reward in newly-minted tokens. In blockchain, randomness is key to security — no one knows who’s going to be approving any specific transaction.
Instead of racing to solve a puzzle, like miners, PoS blockchains use randomly selected validators who put up a “stake” that is similar to the bonds criminal defendants put up to be allowed out on bail — a surety that they will show up for trial.
Like bail-jumpers, validators can be penalized by having their stake “slashed” for bad behavior, ranging from letting the network go down to approving bad transactions.
However, the problem isn’t that it’s sometimes worth jumping — it’s that if there are too few validators, it’s too easy to jump.
Which is where we get back to that fact that the Ronin thief only had to hack five passwords. With only nine validators maintaining the project, and well over a half billion dollars on the line, controlling more than half took a comparatively small amount of phishing to accomplish.
There’s another potential flaw with too small a PoS blockchain that doesn’t rely on hacking, however. Bad actors don’t have to be outsiders.
Let’s pause to be very clear: No one has even suggested the Ronin Blockchain validators were anything other than victims, but the thought exercise is pretty easy to follow.
To become a validator on many decentralized blockchains, all you have to do is set up a node — a computer running a copy of the blockchain — and put up a stake.
Generally, it’s not really that much money — in the five figures range — worth of the blockchain’s native token. If you set up enough nodes, you can overwhelm the “good” nodes.
It’s not quite that simple, of course. For one thing, staking generally involves getting lots of token holders to “delegate” their tokens to the staker in exchange for a cut of the rewards. While randomly chosen to validate any one block, validators are selected in proportion to the size of their stake — someone with 5% of the total amount staked will be chosen to validate 5% of the new blocks.
Other Options, Other Problems
An alternative is delegated proof of stake (DPoS), in which token-holders vote on a set number of delegates, with the top vote-holders becoming the validators. If that sounds better, it isn’t.
One example is Steem, a DPoS blockchain running a social media project. It was run by governance tokens, whose owners voted for “witnesses” with the 20 largest acting as validators.
When a wealthy investor bought a large majority, the witnesses froze his tokens’ votes. He then gathered enough votes to replace the witnesses and reverse the action and wrest back control of Steem. While no user funds were lost, a very large number decamped to a new version created by forking the blockchain.
Nor is mining-style proof-of-work, or PoW, a panacea. An offshoot of Ethereum, Ethereum Classic, suffered 51% attacks several times when bad actors were able to rent enough mining power to gain control.
A Balancing Act
The problem in Ronin’s case came down to centralization — or rather, lack of decentralization. It comes down to a tradeoff common to blockchain technology that Ethereum creator Vitalik Buterin called the “Blockchain Trilemma.”
At its core, it says that the three aspects of blockchain — decentralization, security and speed — require a tradeoff that means any two can only be improved at the expense of a third. As such, blockchain design is a balancing act.
Improving decentralization means more nodes, which slows the speed of the consensus in consensus mechanism — all nodes must agree to the validator’s proposed block.
Scalability means the number of transactions per second that the blockchain can handle. Making it more decentralized and secure cuts into its scalability. Security, of course, requires more decentralization, but cuts into speed and scalability.
That said, it’s also easy to read too much into the security problems Ronin Network’s hack displayed. Most of the top PoS blockchains have far more validators, and when Ethereum switches from mining to staking in the Ethereum 2.0 project, its number will be vast. It also claims it will be able to handle 100,000 transactions per second.
However, if you’re looking at putting payments on a blockchain, know what you’re getting into, and don’t buy into the immutable hype.