Play 2 Earn, Pt 4: P2E Hacks & Risks - Newsletter #218
Axie Infinity was once the premier P2E game. What happened?
We started our P2E discussion with a breakdown of Gaming & Rewards programs and then followed that up with an overview of the future of Social Media. Last week, we dove into Tokenomics and talked about Creepz. Today, we’re looking at another P2E case study.
If you’re interested in learning more about any of the P2E topics we’ve covered, just send us an email so that we know to dedicate another newsletter to digging deeper.
P2E Hacks & Risks
Technical Level: 🛠️
When I was a kid, I spent thousands of hours playing an online game called RuneScape. The fantasy MMORPG took you through an expansive and open world, where you could train your skills, interact with other players, and participate in a constantly changing in-game economy. The game had no real objective–rather, you were free to explore the world in whatever way you like, participating in a variety of quests and activities along the way.
One of my favorite things about the game was the supply-and-demand style aspects of the economy. The Grand Exchange (the game’s central trading hub) updated in real-time, and allowed you to exchange any item you’d picked up along your journey for gold.
If you stepped foot into the Grand Exchange, you’d immediately see a barrage of players and bots spouting messages using the game’s in-game chat system. Some of these messages even advertised real-world exchange sites, where you could exchange real money for in-game money, or vice-versa.
As a kid, I started to understand that the items that I spent endless hours earning had some sort of real world value. If people were willing to pay real money for my stuff, that had to mean something right?
Despite the bot advertisements for off-platform exchanges, the game rules outright forbid “real-world trading.” While threats of a suspension or ban could deter some players from doing so, more than anything it simply forced players into riskier methods of exchanging items. If you tried to extract some value back for your time and use one of these real-world exchanges, you had to trust the website was legitimate, trust the person you were trading with would honor your deal, and hope that you could actually somehow make it through the entire transaction without getting scammed.
That’s not to say people didn’t do it; many in countries like Venezuela were even able to make living wages off playing the game.
It's more to highlight the idea that when there is real-world money involved, and absolutely no consumer protection, it creates a great opportunity for bad actors to capitalize.
In RuneScape, like many open world games, the freedom you are given to create your own journey comes with responsibility. When you can freely trade between players, people can give each other whatever in-game items and gold they would like.
Whether it be hackers trying to get into your account to physically take your items, or scammers luring you in with tempting offers, it was impossible to play the game without learning a hard lesson: random strangers online don’t have your best interest at heart.
So where am I going with this? Sure, I’ve been talking about a game. But it is no coincidence that so many throughout the crypto space grew up playing RuneScape, MapleStory, Counterstrike, Fortnite, World of Warcraft, etc. The same things that users loved from those games are key concepts in the crypto and NFT landscape.
So what are the lessons here?
Virtual assets can have real tangible value
People are willing to pay a lot for rare and unique things
Open spaces and moving economies create opportunity for profit
When extractable value is involved, people will try to capitalize on it in any way possible
Centralization and rules don’t hinder the mal-intentioned
All of these things are relevant to the modern P2E experience. When virtual assets are worth or create real world value, there will constantly be people trying to take them from you. It’s your responsibility, and your responsibility alone to protect your assets.
If you’re involved with crypto or NFTs on social media, I’m sure you’re familiar with the endless onslaught of scam messages. If you were a novice entering the space, it would be easy to fall for any of the increasingly complex scams that are seemingly everywhere.
Of course, we’ve spent lots of time discussing how to keep yourself safe while navigating through web3 (and I’m sure we will continue to cover it more later down the road). But the harsh reality is that even if you’re fortunate enough to dodge all the scams, your assets still might not be safe.
No one knows exactly how much bad actors have extracted from the crypto space throughout the past few years, but to say it's a multi-billion dollar theft would probably be an understatement.
While of course there are people getting phished or hacked everyday, individual losses make up a very small piece of the whole pie.
When you put your money into an exchange, protocol, token, game, or anything else in crypto, you’re relying on the contracts and security of that platform. When that security fails or is exploited, it can lead to some massive losses.
We’ve talked about Mt. Gox and FTX, and how exchanges come with inherent risk. But similar risk is involved when you put your money into a web3 game, or when you use any platform in which you’re depositing USDC or ETH in exchange for local assets.
This leads up to Axie Infinity.
Axie Infinity
Axie Infinity was once the largest Web3 game. Players from around the world flocked to Vietnamese studio Sky Mavis’ hit P2E in search of entertainment, but more importantly, profit. Unlike most video games, P2E games encourage real-world trading of assets.
Also unlike most video games, there was a way for players to start playing at little to no cost by joining under another users’ “scholarship'' program. Axie was often criticized, even at the time, for operating akin to a pyramid scheme; the referrer would earn more than the user, and the earlier you started playing the better chance you had to make a profit.
But nonetheless, Axie was at one point the #1 P2E game by a landslide. It amassed a huge player base, reporting over 2 million active daily users and over $4B in sales near its peak.
Let’s talk about how the game works.
Axie Infinity is a Pokémon-style game. Players would raise their axolotl-style creatures named Axies, take them to battle, and participate in turn-based combat. If you didn’t join with a scholarship, you could simply buy some Axies off the marketplace and begin playing.
There were two main modes to the game. The PvE (player-vs-enemy) mode allowed players to earn a token called $SLP, while the PvP (player-vs-player) mode allowed players to earn $AXS.
$SLP stands for Smooth Love Potion, and is the key cryptocurrency responsible for breeding Axies.
$AXS stands for Axie Shards, and operates as the ecosystem’s governance token.
When players created new Axies, they were burning both $SLP and $AXS tokens, which effectively kept the supply of the two cryptocurrencies relatively steady.
These tokens, along with the game, were primarily found on the Ronin blockchain. Ronin is an Ethereum sidechain natively developed by Sky Mavis with the intention of freeing their games from mainnet gas fees.
Ronin was secured by a consensus mechanism composed of 9 validators. We’ll get into it more in the coming months, but similar to a 51% attack, if someone were to control more than half of the validators, they effectively had ultimate control of the network. For this very reason, Sky Mavis retained four of the validators, and spread the remaining five among trusted third-parties.
Meanwhile, the Ronin bridge allowed users to bridge their ETH into the Axie environment. When you bridge in, your mainnet ETH is locked, and an equal amount of Ronin assets are unlocked
Think of it like a casino (no, not the gambling part). You convert your money to chips when you get there, you use the chips the whole time you’re there, and know that when you leave you can exchange them back for real money.
The problem arises when the chips can’t be exchanged back for real money. And that’s exactly what happened.
On March 23, 2022, the four main Axie nodes along with one additional third-party node that had reportedly granted permissions to Sky Mavis the ability to sign transactions on its behalf, were compromised. The entire $625M treasury stored within the Ronin bridge was emptied, leaving players holding unbacked chips.
Who knows if Axie’s tokenomics would’ve survived if not for the devastating hack, But despite repetitive attempts over months to right the ship such as a bailout to the tune of $150M, it's clear that the damage done to Axie Infinity and developer Sky Mavis by this hack is unfixable.
Wrapping Up
The concept of P2E is something that has been brewing for decades, but it is still in its early stages. There will certainly be a plethora of scams and poor tokenomics, in addition to hacks like Axie, that stand in the way of the P2E success story. There is yet to be a more successful P2E environment than Axie Infinity once was, but I’m confident that one day there will be.
News of the Week
After reports that Binance General Counsel Han Ng, Chief Strategy Officer Patrick Hillmann, Senior Vice President for Compliance Steven Christie and other executives are leaving the company, Binance CEO CZ reassured Twitter that it was only part of usual turnover, rather than a mishandling of the DOJ case.
Another indicator of the continued NFT lull: the floor price of the Yuga Labs’ Bored Ape Yacht Club NFT collection fell to a 20-month low of 27.4 ETH on Sunday evening before rebounding back to 32.5 ETH (as of 7/7/23).
Team members of BarnBridge, a protocol that held half a billion in assets at its peak, are being investigated by the U.S. Securities and Exchange Commission.
The news was broken by legal counsel in the DAO’s discord, and confirmed on Twitter.