Axie Infinity is currently handling more than a million daily active users (DAU). As more and more players are coming into the game to play-to-earn, it is important to know the basic precautions in order to ensure that your accounts — most importantly your Axies — are safe. Multiple incidents of hacking have been reported and proper account security education is the most basic way to prevent them.
But how does an Axie Infinity hack happen?
This article is for information purposes only. It explains how the Ronin wallet works and how hacks usually happen, and gives tips to keep accounts secure. This article is not investment advice.
How Axie Works?
In Axie Infinity, a player can only play the game once they have bought at least 3 Axies, a requirement before anyone can access its different game modes and features. Before the player can buy from the marketplace, they must first create a Ronin wallet.
The Ronin wallet is a layer-2 sidechain wallet which can only be downloaded as a Chrome extension. It was purposely created so that every transaction happening inside Axie Infinity is free from the gas fees charged by the Ethereum blockchain.
According to people who got hacked, their Axies were “gifted” from their Ronin wallet and transferred to the hacker’s Ronin wallet, then sold directly on the marketplace. Because of the high demand for Axies, they can be purchased instantly by a buyer in the marketplace who does not even know that they were sold by a hacker.
Based on the game’s account design and architecture, before a player can gift an Axie, it will ask first for permission on the Ronin wallet attached to the account.
Basically, the only way a hacker can breach someone’s account is through compromised or fake Ronin wallets.
1. Phishing Attack
Phishing attacks are one of the most common schemes hackers use to take over someone else’s account. Based on Google Safe Browsing data, there are now nearly 75 times as many phishing sites as malware sites on the internet.
In Axie Infinity, hackers create a fake website and sponsor it on Google Ads so that people see the fake website at the top of Google Search results related to Axie. The correct Ronin Chrome Extension can be found on the official Sky Mavis website: https://skymavis.com/products
As of August 24, 2021, there is no official Ronin Wallet on the App Store or Play Store. Whatever is there is a fake that will ask for your seed phrase. Once you give the hacker your seed phrase, the hacker can take over your account and wipe out your Axies and any other tokens you have.
But what if the player does not have a laptop or computer to access Chrome? Some players use the Kiwi mobile browser, which allows Google Chrome extensions to be installed on a mobile phone. According to a post by Luis Buenaventura II, co-founder of BloomX, there is not really a problem with Kiwi, and it is more likely for the hacker to use a fake website to compromise a person’s Ronin account.
Other variations include “contests” that promise free airdrops and the like in exchange for the player’s seed phrase.
2. Social Engineering
It’s possible that a beginner would ask the help of another person to set up their accounts. If the unsuspecting beginner shows his seed phrase to another person, a possibility exists that that other person might compromise the beginner’s account.
All the possible hacks start with the hacker knowing the victim’s seed phrase, so it is very important to keep this very safe and secure.
How to Protect Your Axie Account
1. Keep your secret phrase secure at all costs
This goes without saying. The only way for the hacker to access your account is to get hold of your seed phrase. Never store this phrase online. Write it in a notebook and keep multiple offline copies. Never share it with anyone.
2. Invest in a hardware wallet
Hardware wallets are cryptocurrency wallets that store your private keys in a secure physical device. The device also acts as a transaction signer: any transaction you make through the account requests permission on the device and must be accepted there before it goes through.
As of this writing, the Axie Infinity Ronin wallet is only compatible with Trezor hardware wallets.
3. Always check the website for “https://” mark
Hypertext Transfer Protocol Secure (HTTPS) is one of the basic verification tools on every website. We can compare it to the blue verification check mark on a Twitter profile, which states that the profile is a verified public figure or brand. HTTPS on its own only shows that the connection to the address in the address bar is encrypted, and fake websites can have it too, so also confirm that the address itself is the official one.
4. Invest in your knowledge
Cryptocurrency is very risky, and not having the right knowledge about it will cost you not just money but also time. Make use of your time playing the game to also learn more about how crypto works. For the best results, check out the guides on BitPinas.com (you can use the search button).
5. Buy only from the Axie Infinity marketplace
For beginners, the best place, and what should be the only place, to transact and buy Axies is the Axie Infinity marketplace: https://marketplace.axieinfinity.com.
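The fake-website scheme described under Phishing Attack and the two tips above both come down to checking where a link really leads before trusting it. The JavaScript below is an added example, not code from Sky Mavis or BitPinas; `checkLink` and `OFFICIAL_HOSTS` are hypothetical names, and the allowlist holds only the two hosts this article gives as official.

```javascript
// Added example: strict allowlist check for a link before trusting it.
// The two hostnames below are the only ones this article names as official.
const OFFICIAL_HOSTS = ["skymavis.com", "marketplace.axieinfinity.com"];

// Returns { ok, reason } for a link a player is about to open.
function checkLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before "@" is login info, not the site: the real host comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "URL embeds credentials before the host" };
  }
  // Internationalised lookalikes are serialised by the parser as "xn--" labels.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (possible lookalike) hostname" };
  }
  // Exact match only. A name that merely contains or starts with an official
  // host fails here; other subdomains must be added to the list deliberately.
  if (!OFFICIAL_HOSTS.includes(host)) {
    return { ok: false, reason: `host "${host}" is not an official domain` };
  }
  return { ok: true, reason: "HTTPS and official host" };
}

// Constructed sample links (the .example and .test hosts are placeholders).
const samples = [
  "https://skymavis.com/products",
  "https://marketplace.axieinfinity.com",
  "http://skymavis.com/products",
  "https://skymavis.com.wallet-login.example/products",
  "https://skymavis.com@wallet-login.example/",
  "https://marketplace-axieinfinity.test/",
];
for (const s of samples) {
  const r = checkLink(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${s}  (${r.reason})`);
}
```

A passing result only means the link points at one of the listed hosts over HTTPS; it says nothing about links reached after that page loads.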
These are just the things you need to consider before you start playing Axie Infinity. Yes, this is a game that can entertain you and take away your stress. However, it will put a lot of stress on you if your Axies are gone in the blink of an eye.
Since its inception, Axie Infinity has continued to dominate the whole NFT gaming scene and still ranks as the top money-earning protocol on the Ethereum blockchain.
This article is published on BitPinas: How to Protect your Ronin Wallet, Axies, and Axie Infinity Account