Axie Infinity CEO pulled out $3 million of crypto before $600 million hack was announced

Axie Infinity
(Image credit: Sky Mavis)

While the gaming mainstream remains deeply distrustful of anything associated with crypto, one of the apparent successes was Axie Infinity: a Pokémon-style game built around pets called Axies that can be traded, battled and, of course, are claimed to have some sort of 'real' value. Axie Infinity's ecosystem was valued in the hundreds of millions. Then, on March 23, the company's 'sidechain' Ronin network was hacked, with the perpetrators stealing Ethereum and USDC stablecoins that were at the time valued in the region of $600 million.

The game's developer Sky Mavis was forced to acknowledge the hack and disable token withdrawal. But not before Trung Nguyen, the CEO and co-founder, transferred $3 million worth of AXS, Axie's main currency, from the game's blockchain into Binance, a crypto exchange.

I appreciate that this is becoming a word salad of crypto terminology. The important point is that, when the outside world was unaware of the hack, or that trading in the game would be suspended as a result, a key inside player transferred a lot of value out of the Axie ecosystem. Oh: and no-one should have realised.

The transactions were first noticed and analysed by Asobs, a youtuber who analyses the crypto scene. They were tipped off about a wallet that had moved 48,838 AXS tokens from Ronin (the sidechain network) to Binance, a huge amount, and managed to dig back through this wallet's transactions to see it had received the largest initial payment of AXS tokens when the game was launching.

Asobs then tracked down further wallets allegedly belonging to Sky Mavis employees through this method, a great tactic because the studio transfers AXS to employees regularly. Several of these had also made large transactions at the same time as the wallet which Asobs would eventually link to Nguyen. 

Bloomberg Business then picked up the baton, which soon ended up with Sky Mavis admitting to the transaction and that Nguyen owned the wallet concerned.

Kalie Moore, a Sky Mavis spokeswoman, claimed to Bloomberg Nguyen was in fact trying to help the Axie Infinity economy and ensure there was enough liquidity on-hand. She wrote:

"At the time, [Sky Mavis] understood that our position and options would be better the more AXS we had on Binance. This would give us the flexibility to pursue different options for securing the loans/capital required. The Founding Team chose to transfer it from this wallet to ensure that short-sellers, who track official Axie wallets, would not be able to front-run the news."

Moore adds that suggestions of any other motive are "baseless". Subsequent to this coverage, Nguyen himself took to social media:

"This story includes speculation of insider trading," writes Trung. "These accusations are baseless and false. In fact, the Founding Team even deposited $7.5M from a known Axie multi-sig wallet TO Ronin Network prior to the bridge closing to avoid triggering any short-sellers watching. My life’s work is Axie Infinity and the community we’ve created together. I take ownership of the security breach, and will use it as a learning experience."

Trung also goes on to claim that "the Bridge has been re-opened with all player funds backed 1:1. Many in the media have conveniently ignored this, as it doesn’t fit their predetermined narratives."

It is true that, following the hack, Sky Mavis immediately raised just over $150 million in funding, some of which was earmarked to reimburse victims of the attack, and the trading suspension was only temporary. But the 1:1 claim neglects to mention that the value of an AS token was $64 before the hack and is now trading at more like $18.

"We can see the money moved," Asobs says. “The only question is what happened behind the money moving.”

Whatever has gone on here, it's murky in a manner that is typical of crypto: a space where tangible value is always several steps removed and, in the cases of ecosystems like that of Axie Infinity, ultimately controlled by its keepers.

Of one thing there is no doubt, and that is the hack was very real. The US Treasury department pinned the heist on the North Korea-based hacker collective that calls itself Lazarus Group, and added them to its international sanctions list, saying in a statement sent to PC Gamer that this was due to the FBI identifying a digital wallet associated with the heist.  

"Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th," an FBI representative told PC Gamer. "The FBI, in coordination with Treasury and other U.S. Government partners, will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime."

Lazarus Group has stolen hundreds of millions of dollars worth of crypto over recent years, and some crypto security experts estimate that as a result the rogue nuclear state may now be sitting on over half a billion of unlaundered crypto assets. The US says this is all about avoiding sanctions and funding its weapon programs, and takes the threat very seriously: recently jailing a former employee of the Ethereum Foundation for more than five years (and fining him $100,000) for giving a presentation in North Korea in 2019 on "using cryptocurrency technologies to evade sanctions and launder money." Probably wasn't the wisest title for a talk.

As for Axie Infinity, it chugs along, though recent reports suggest its in-game economy is having its own collapse as digital 'landlords' struggle to find players willing to do the dirty work for them. Play to earn has never seemed an especially attractive prospect, and when you look at the kind of stories that coalesce around these projects, no wonder.

Rich Stanton

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."