Initial Game Offerings: a failed Initial Grifting Opportunity

David Gerard and I cowrote another story — this one on initial game offerings. Since we alternate posts, this one is on David’s blog. 

If you haven’t guessed, an IGO is a way to drum up funding for a blockchain game. The problem is, play-to-earn never took off. Axie Infinity was the only P2E game that saw any action.

Jackson Palmer mentioned the phrase in his interview with Crikey: “We’ve had ICOs, DAOs, now it’s NFTs. Now I’m seeing initial game offerings as the latest thing.”

The grift is always evolving.

News: Axie Infinity hacked, Germany takes down Hydra, SEC rejects Cathie Wood’s spot bitcoin ETF application


About that Axie-Ronin hack

On March 23, a hacker stole an eye-watering $625 million in crypto from the Ronin network, the blockchain powering the popular play-to-earn game Axie Infinity.

Six days later, the hack was discovered. Where was Axie cofounder Jeff Jiho Zirlin on that day? He was at a party in Los Angeles, caught off guard by the press. (CNN Business)

“Shortly after his first interview, which was on the record and recorded, Zirlin asked if CNN could run his answers by his PR team before publishing. CNN declined the request.”

Axie originally ran on Ethereum. But since Ethereum is too sluggish and costly to use, it now runs on Ronin. How do you get your ETH onto Ronin? The Ronin Bridge. 

In the world of DeFi, a bridge lets you use crypto from a different blockchain.

The Ronin bridge locks up ETH, the native crypto of Ethereum, and issues a token on the Ronin sidechain that represents ETH called wrapped ETH, or WETH.  

Molly White wrote a post describing how everything works. A bridge is like a casino where you trade in your actual money for casino chips. Someone robbed the money and now you’re stuck with worthless chips. (Blog post)

Bridges are a honeypot for hackers. Qubit Bridge, Wormhole Bridge, Meter.io Bridge, and Poly Network Bridge have all suffered similar fates.

Why does this keep happening? David Gerard says DeFi is akin to a piñata. “You whack it in the right spot, and a pile of crypto falls out.” (Blog post) 

Ed Zitron points out that the real ones suffering from the Ronin hack are not the investors, the developers, or those in power, but regular folks who needed the money. (Substack)

The hackers are now in the process of cleaning their ill-gotten ETH. After a six-day head start, they sent $70 million in ETH through privacy mixer Tornado Cash. (Decrypt)

Venture capitalists need P2E

Venture capitalists are betting big on play-to-earn games, like Axie. A hack this size should put Axie and its developer Sky Mavis out of business. However, this is crypto.

Axie is backed by a16z. The Silicon Valley VC firm also has a big stake in Yuga Labs, which is transforming itself into a P2E gaming company as I type, even though its founders have zero experience in gaming. I predict someone will bail Axie out with magic beans shortly. (My blog post)

In fact, Sky Mavis just raised $150 million in a funding round led by Binance, a leading Tether exchange, with help from the usual suspects, including a16z. (Substack)

Gensler wants Coinbase to register with the SEC

The SEC is weighing a path forward for Coinbase, and other crypto exchanges, so they can register with the agency. (FT)

Coinbase is not registered as a securities broker-dealer, even though the majority of tokens that it lists resemble securities. SEC Chair Gary Gensler has been urging Coinbase to submit to SEC oversight for months.

In speaking at Penn Law, Gensler said that he’s asked his staff to work with the CFTC to find ways to “register and regulate platforms where the trading of securities and non-securities is intertwined.” (Prepared remarks)

Crypto exchanges trade both crypto commodities and crypto securities, so Gensler wants to get the CFTC involved as well. 

Since crypto exchanges also custody crypto assets and act as market makers, he also wants to see if it makes sense to separate custody and market-making. 

Gensler’s comments come just weeks after Yuga Labs launched Apecoin, which resembles an unregistered securities offering. The same day Apecoin launched, it was listed on Coinbase.

SEC rejects yet another bitcoin ETF 

The SEC rejected an application for a spot bitcoin ETF led by Cathie Wood of Ark Invest. (SEC form S-1, SEC order, Decrypt)

The regulator rejected the application for all of the same reasons it has rejected every spot bitcoin ETF application put before it in the past: fraud, manipulation, wash trading, manipulative activity involving Tether, and so on.

At this point, the SEC is simply copying and pasting text.

Grayscale is clinging on to hope. The asset manager is so desperate to get its application for a spot bitcoin ETF approved that it is threatening to sue the SEC. (Bloomberg)

It’s also running a targeted ad campaign — taking over the entire advertising space between two mass transit hubs and their Amtrak trains for three months, so bitcoiners will drown the SEC in comment letters. (Business Insider)

The SEC’s deadline to rule on Grayscale’s application to convert its $30 billion GBTC into a physically-backed ETF is July 6. 

GBTC is now trading at 25% below NAV, meaning that investors, who are subject to a six-month lockup period, are losing money compared to those buying BTC directly. In addition, the fund has an investment minimum of $50,000 and an annual management fee of 2%. 

Grayscale CEO Michael Sonnenshein says the SEC has created an unfair playing field and forced investors into a futures-based bitcoin. 

There is a good reason why the SEC will allow a bitcoin futures contract and not a spot bitcoin ETF. Doomberg wrote a great post explaining it, which I highly recommend reading. (Doomberg Substack)

It comes down to this: Bitcoin futures are settled in cash, and the direct flow of dollars never enters the crypto ecosystem. In contrast, bitcoin spot ETFs are designed to buy and hold bitcoin directly, injecting much-needed U.S. dollars into the crypto universe. 

The bitcoiners need a bitcoin spot ETF because utility companies don’t accept tethers, and miners need to pay their power bills. Galaxy and DCG are propping up the U.S. miners. They’ve been lending U.S. miners money so they don’t have to sell their “stockpile” of freshly mined BTC.

Germany takes down Hydra

German federal police — known as the BKA — shut down Hydra, the largest Russian darknet market for selling drugs and money laundering. 

Working with U.S. law enforcement, BKA seized Hydra’s servers in Germany, along with 543 BTC ($25 million). (BKA statement, U.S. Dept. of Treasury press release)

In conjunction with the shutdown of Hydra, the DOJ announced criminal charges against Dmitry Olegovich Pavlov, the site’s alleged operator.

Since it launched in 2015, Hydra facilitated more than $5 billion in transactions for 17 million customers. The site was written in Russian and most of its drug-related business was with sellers in Russia, Ukraine, Belarus, Kazakhstan, and surrounding countries. (Elliptic)

Hydra was more than just a drug market. It offered a mixing service to launder dirty crypto and exchange it for rubles, taking in $200 million in stolen crypto in 2021 and early 2022 alone. 

Vendors on Hydra even sold bundles of rubles for bitcoin, buried in dead drops for customers to dig up. (Wired)

Hydra was also used to launder funds from the 2016 Bitfinex exchange hack.

The BBC has a story on how the police sting began with a tip-off and led to finding the “bullet-proof” hosting company in Germany. (BBC)

Elsewhere in crypto

Bitcoin miner Riot Blockchain produced 511 BTC in March and holds 6,062 BTC. Why are they holding? Coindesk didn’t bother asking. (Coindesk)

HIVE Blockchain released its March 2022 mining figures. It produced 278.6 BTC and over 2,400 ETH. As of April 3, 2022, HIVE is sitting on 2,568 BTC and 16,196 ETH. (Yahoo Finance)

I guess miners figure bitcoin will go up in price forever. Or maybe there is just nobody left to sell it to?

Crypto hacks in the first quarter of 2022 have amounted to $1.2 billion in crypto — that’s up nearly 700% from the same period last year. Web3 is going great. (Techcrunch) 

Buzzfeed did an in-depth story on Worldcoin, a bizarre crypto project that involves scanning the retinas of people in Africa and elsewhere in the global south in return for crypto. But with Worldcoin’s token yet to launch, participants feel robbed. (Buzzfeed)

Worldcoin is backed by Y Combinator President Sam Altman, a16z, and Khosla Ventures. It’s raised $100 million in funding so far.  

After purchasing 9.2% of the social media giant, Elon Musk has become the largest shareholder of Twitter. He also got a Twitter board seat. (NYT)

MicroStrategy purchased another 4,167 BTC for $190 million. It took out a loan against its bitcoin holdings to buy more bitcoin. What could possibly go wrong? Michael Saylor’s company now holds a total of 129,218 bitcoins. (SEC form 8-K, Bloomberg)

Federal prosecutors in Miami seized $34 million worth of crypto in one of the largest crypto forfeiture actions ever filed by the U.S. (DOJ press release, Miami Herald) 

After the horrible Kevin Roose story, the New York Times interviewed crypto critic Dan Olson to get his views on crypto. This is worth a listen. The transcript is also available. (Ezra Klein show, transcript)

Crypto investor Katie Haun has raised $1.5 billion for her new firm Haun Ventures after leaving a16z last year. (Wired)

Crypto asset funds are seeing surging assets under management. A16z’s crypto-focused funds are worth around $9 billion. (Cointelegraph)

While the SEC drags its feet to enforce securities laws, which are clear and have been in existence since the 1930s to protect investors, the powers-that-be are gathering more money to invest in token projects. 

Axie-Ronin hackers and the crypto laundromat — will they succeed in cleaning 174,000 ETH?

Axie Infinity, a popular play-to-earn game, suffered a breach, losing $625 million in crypto — 173,600 ETH and 25.5 million USDC, a popular stablecoin.

It’s the biggest hack ever in the GameFi sphere and a bit of a public relations problem for P2E promoters, such as VC firm Andreessen Horowitz (a16z), who ambitiously describes P2E as “the future of games and really, the Web as we know it.”

The hack took place on Ronin, the Ethereum sidechain that Axie runs on. Ronin uses proof of authority, a modified version of proof of stake, and has only nine validator nodes, all officially whitelisted — so it’s not even decentralized.

Via a backdoor, the hacker got hold of four nodes that were controlled by the game’s Vietnamese developer Sky Mavis, and a fifth node controlled by the Axie DAO.

Because Sky Mavis wants to distance itself from Axie Infinity and in-game tokens, like AXS and SLP (smooth love potion), it created a decentralized autonomous organization. 

Once the hacker controlled the majority of nodes, they were able to forge transactions, and simply remove the money from the Ronin bridge, without a hitch.

Axie said in a tweet that the hack was the result of social engineering combined with human error from December 2021, but did not elaborate. Axie promised to add new validators to the network to make it more decentralized. 

Social engineering suggests something along the lines of a phishing scam. 

This is different from other recent bridge attacks, like Wormhole, wherein the attack was a result of a vulnerability in the smart contract. 
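The validator arrangement described above can be audited before an incident. The following is an added example, not code from Sky Mavis or the Ronin project: it asks how few independent custody domains must be compromised before the signing threshold is met. The validator and operator names and the 5-of-9 threshold (a simple majority of the nine nodes the post mentions) are assumptions for illustration.

```python
from itertools import combinations

# Constructed custody maps: domain -> validators it can make sign.
# Nine validators and the four-plus-one split follow the post; names are hypothetical.
VALIDATORS = [f"validator-{i}" for i in range(1, 10)]
THRESHOLD = len(VALIDATORS) // 2 + 1  # assumed simple majority: 5 of 9

CONCENTRATED = {
    "developer": {"validator-1", "validator-2", "validator-3", "validator-4"},
    "dao": {"validator-5"},
    "operator-6": {"validator-6"},
    "operator-7": {"validator-7"},
    "operator-8": {"validator-8"},
    "operator-9": {"validator-9"},
}
# Same nine keys, one independent custody domain per validator.
SPREAD = {f"operator-{i}": {f"validator-{i}"} for i in range(1, 10)}


def min_domains_to_threshold(access, threshold):
    """Return (count, domains) for the smallest set of custody domains whose
    combined keys meet the signing threshold, or (None, ()) if none can."""
    domains = sorted(access)
    for size in range(1, len(domains) + 1):
        for combo in combinations(domains, size):
            reachable = set().union(*(access[d] for d in combo))
            if len(reachable) >= threshold:
                return size, combo
    return None, ()


def audit(access, validators, threshold):
    """Summarise how much independence the validator set really has."""
    count, combo = min_domains_to_threshold(access, threshold)
    largest = max(access.values(), key=len)
    return {
        "threshold": f"{threshold}-of-{len(validators)}",
        "domains_needed": count,
        "smallest_path": combo,
        "largest_domain_keys": len(largest),
        # A domain one key short of the threshold is a near single point of failure.
        "one_key_short": len(largest) >= threshold - 1,
    }


if __name__ == "__main__":
    for name, access in (("concentrated", CONCENTRATED), ("spread", SPREAD)):
        print(name, audit(access, VALIDATORS, THRESHOLD))
```

With four keys in one organisation, a nominal 5-of-9 scheme behaves like a 2-of-6 scheme across custody domains; spreading the same keys over nine operators restores the full five.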

Six days to run for the hills

Ronin reported the hack on March 29 — but according to a Ronin blog post, the theft occurred six days earlier. Sky Mavis unwittingly discovered the breach after a user reported having trouble withdrawing funds from the network. 

How on earth do you lose hundreds of millions of dollars in crypto and nobody notices for nearly a week? Axie developers not only left the door open, but they also neglected to turn on the security cameras!  
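One way to turn the security cameras on, as an added example (not Ronin's or Sky Mavis's code): reconcile the ETH locked in the bridge against the wrapped supply it is meant to back, and separately flag any sharp drop in locked collateral. The snapshot records, field layout and thresholds are constructed for illustration; only the 173,600 ETH figure and the March 23 and March 29 dates come from the post.

```python
from datetime import date

# Constructed daily snapshots: (day, ETH locked in bridge, WETH supply on sidechain).
# Only the 173,600 ETH outflow and the March 23 / March 29 dates come from the post.
SNAPSHOTS = [
    (date(2022, 3, 21), 180_400, 180_400),
    (date(2022, 3, 22), 181_200, 181_200),
    (date(2022, 3, 23), 7_600, 181_200),  # ETH leaves the bridge, WETH is not burned
    (date(2022, 3, 24), 7_900, 181_500),
    (date(2022, 3, 29), 8_300, 181_900),
]


def backing_alerts(snapshots, tolerance=0.001):
    """Flag snapshots where wrapped supply exceeds locked collateral."""
    alerts = []
    for day, locked, wrapped in snapshots:
        shortfall = wrapped - locked
        if wrapped > 0 and shortfall / wrapped > tolerance:
            alerts.append({"day": day, "shortfall": shortfall,
                           "coverage": round(locked / wrapped, 4)})
    return alerts


def outflow_alerts(snapshots, max_drop=0.10):
    """Flag snapshots where locked collateral fell by more than max_drop
    relative to the previous snapshot, independent of the wrapped supply."""
    alerts = []
    for (_, prev, _), (day, locked, _) in zip(snapshots, snapshots[1:]):
        if prev > 0 and (prev - locked) / prev > max_drop:
            alerts.append({"day": day, "drop": prev - locked})
    return alerts


def detection_gap_days(snapshots, noticed_on):
    """Days between the first failed backing check and the day staff noticed."""
    alerts = backing_alerts(snapshots)
    return (noticed_on - alerts[0]["day"]).days if alerts else None


if __name__ == "__main__":
    print(backing_alerts(SNAPSHOTS)[0])
    print(outflow_alerts(SNAPSHOTS))
    print(detection_gap_days(SNAPSHOTS, date(2022, 3, 29)), "days undetected")
```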

All eyes are on the stolen crypto, as internet sleuths watch to see how the hackers will pull off the next part of this massive heist: laundering the funds. Clean crypto is always worth more than dirty crypto.

As soon as you convert stolen crypto to cash in your bank account, you risk revealing your identity. (Recall the two individuals recently nabbed after trying to launder bitcoin stolen from Bitfinex in 2016.)

Stablecoins can be frozen by the issuer — in this case, Circle. So the Ronin hacker laundered them as quickly as possible, sending the ill-gotten USDC to decentralized exchanges Uniswap and 1inch and swapping it for ether.

Most of the stolen ETH remains in the attacker’s wallet, but so far, the Axie-Ronin hacker has sent 3,750 ETH ($12 million) to Huobi and 1,220 ETH ($4 million) to FTX, according to Dirty Bubble Media. Funds were also sent to Binance and Crypto.com. 

Tornado Cash 

Once centralized exchanges realize where the funds are coming from, they can freeze accounts and even route the money back to Ronin — if they want to, and if the funds haven’t already been chain swapped away. 

Chain swapping, or chain hopping, involves sending the funds to an exchange, swapping them for another crypto, and then quickly moving those funds to another exchange. Many offshore exchanges have lax KYC controls.

Still, why didn’t the hackers use a mixer like Tornado Cash to scramble up the ETH instead? 

A mixer takes funds from different users and jumbles them all together, making it difficult to track the movement of funds on a blockchain. 

Tornado Cash works as a series of pools, each for a different value. You deposit coins in a pool, and sometime later, you can withdraw an equal number of coins.

The problem is, once you send crypto to a mixer, you have to wait for deposits and withdrawals from other users to achieve any real anonymity. That takes time.

And, since pretty much all of the big flows are identified as dirty, any large withdrawal is likely to be dirty as well. Also, exchanges may be reluctant to touch crypto coming out of a mixer, believing it’s all just tainted money.

“Exchanges are probably starting to get wise and just blocking Tornado Cash for non-KYC accounts because it is just SO cesspool even for them,” Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, told me. 

Binance, which integrated the Ronin wallet in September, said that as of Tuesday, it has suspended all deposits and withdrawals on Axie Infinity’s Ronin network, and it is on the lookout for unusual transactions — but again, the hackers were already ahead of the game, so it’s unclear what good this does.

(Update, April 4: The Ronin hacker is now routing funds through Tornado Cash, according to an address associated with the hack — a combined total of 2,000 ETH, or roughly $6.9 million.)

Refunding the money

Sky Mavis needs to find a way to refund Axie players, many of whom are now sitting on unbacked WETH — the ERC20 token that represents the ETH on the Ronin network.  

If the game developer can’t refund players, it may have to retire the game or face insolvency, putting the entire P2E space to shame. Right now, the firm has no idea how it is going to come up with the money. 

“We are fully committed to reimbursing our players as soon as possible,” Aleksander Leonard Larsen, Sky Mavis COO, told Bloomberg. “We’re still working on a solution, that is an ongoing discussion.”

The stolen funds include the deposits of players and speculators and the Axie Infinity Treasury, used to create a base revenue for the AXS token. Of the ETH stolen, 56,000 belonged to the Axie Infinity Treasury, Bloomberg said.   

The real losers

Play-to-earn games are exploitive. They promise users the ability to earn money while playing. But to play, you have to first purchase expensive NFTs, which not everyone can afford. 

In the case of Axie Infinity, that means purchasing three Axies — cartoon monsters that live on the Ethereum blockchain as ERC721 tokens — at a cost of up to a thousand dollars. Players pay because they see it as an income opportunity. 

In the Philippines, many players resort to borrowing Axies, and becoming indentured servants, playing for weeks on end just to recoup their initial investment. Playing the game becomes a mindless slog for those trying to earn a living wage, so they can buy food and keep a roof over their heads. The game itself functions as a pyramid scheme. 

Many of these players sold their in-game NFTs for ETH, which they hoped to turn into cash. Only now, the WETH in their Ronin wallets is worth nothing because there is no ETH to cover it, and they have nothing to show for all the days, weeks, and months of endless game playing. They are the real losers in all of this. 

As for the P2E boosters, Axie Infinity is too important to fail. In December, Sky Mavis closed a $152-million Series B led by FTX and a16z. That was on top of a $7.5 million round six months earlier with contributions from billionaire investor Mark Cuban.

A16z-backed Yuga Labs, the firm behind the popular Bored Ape Yacht Club, is also making moves into the P2E space. Its APE token will serve as the in-game currency for Animoca Brands’ Benji Bananas. The firm also recently dropped hints of another game called Otherside, where virtual land will be sold as NFTs.

Unless the Ronin hacker has a change of heart and returns the money, it looks like a superhero may have to step in to save the day. In the world of crypto, more often than not, that means pulling more money out of thin air in the form of tokens. 
