Written by Bonk
- The Ronin Network hack resulted in a loss amounting to $625 million, becoming the biggest hacking incident in crypto.
- The hack signifies the technical shortcomings of blockchain gaming, but is only a part of the many problems blockchain gaming will face in the future.
- Other problems include authentication, gameplay, ownership, and in-game economics.
The Ronin Hack: Only Part of The Problem
Sky Mavis, the developer of Axie Infinity, came under scrutiny after a hack where $625 million worth of assets were stolen. The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC after 5 out of 9 validators’ private keys were exposed to the attacker.
The Ronin Network was designed to address the throughput problem of Ethereum. The highly centralized structure was able to provide scalability, but not security as per The Scalability Trilemma. High centralization was meant to enhance the user experience, but ultimately failed by losing funds due to its very design.
The conundrum in blockchain gaming is that there is no right way to do things. Not only in the game design but also in technical solutions. Inevitably, a tradeoff must be made for each decision. Ronin’s hack simply shows how the play-to-earn model could be threatened by one bad actor, dubbed by the state of blockchain technology.
The Problem Doesn’t End, Technically
Scalability has been, and is still, the imminent challenge the industry is trying to solve as a whole. Many solutions have been proposed in the space by the likes of Solana, Avalanche, Near, and many others. Yet, this leads to more problems: interoperability, liquidity, and governance problems arise each time a new "ETH killer" enters the scene.
While the most basic problem of scalability and its supplemental issues are not solved, blockchain gaming has to deal with even more issues in the near future. The biggest problem is that these problems are not only limited to technology.
Web3 is Not Convenient
First, there is the problem of account-related issues. A pro-level player can gain access to a beginner account and start slaughtering everyone during a game. In gaming terms, "smurfing" can cause harm to other users and create an imbalance in the gaming experience. Game developers usually mitigate this problem with KYC procedures.
But how will one distinguish a unique player in a Web3 environment? NFT-based identification, proof of humanity, and reputation systems are proposed as potential solutions, but these solutions are often ineffective and require prerequisite conditions to be placed on third-party applications. What if someone has no idea what an NFT is? How will a system prove one’s humanity through arbitrary means?
One can argue that a Zero Knowledge Proof (ZKP) based solution can allow users to provide their personal information and authenticate their identity while minimizing the exposure of their data. But again, implementation of ZKs is fairly complicated and adds scope to the project just for the sake of a "Web3 experience."
A Web3 experience further implicates the user in terms of finance. Wallet management can become serious once a user accrues enough value in-game. Terms like "private keys" and "mnemonics" are only confusing. The lack of experience in crypto methodology might lead to hacking incidents or may act as grounds for mismanagement on the client-side.
Oversharing is Boring
What is more concerning might be the fact that blockchains are open source: you can literally see what other people are doing on a block explorer. Competitive games often leverage fog-of-war to bring excitement to the gaming experience. Enter blockchain. The excitement is gone. Every move from every player is observable.
However, most games only broadcast the crypto rewards attached to the game. By selecting what data to store on-chain, the game can provide a better experience. But again, this is grounds for another argument: the degraded blockchain.
A False Sense of Ownership
NFTs are only cryptographic numbers that represent data stored somewhere else. Without the frontend that shows what the numbers mean, the data loses all context, meaning, and value. Basically, NFTs are meaningless without a third party that gives the number context. And who are these third parties? game developers and their web servers. After all, blockchain games are not very decentralized. The technology in practice eventually requires trust to an extent.
The notion that value created in a game can be retained is somewhat misleading and will come off as deceptive in the current environment. In the case where a developer shuts down a game and disregards all related data, how many users will be willing to rebuild the game from scratch? Will the in-game NFTs have the same meaning when the game is rebuilt? If not, how can this NFT be valuable?
So, how are these games any different from legacy games? The only difference is that items and currency live on a different type of database: a "trustless database" that requires trust from a third party. Disregarding the fact that users value the context of the NFT while arguing that NFTs are agnostic to its platform is only true from a technological point of view.
Furthermore, in an effort to create more "value", developers often resort to the scarcity scheme to sell limited NFT collections, especially during land sales. Digital land sales historically ended up as in-game housing crises where speculation in the housing market disenfranchised users in the long term.
The Root Cause
The Ronin hack only demonstrates one of the many problems mentioned above. But the root cause is the same: tradeoffs made for a better user experience are actually not helping. These tradeoffs are made to allow more users to join the network, but simultaneously they are poised to become serious flaws. One can expect technological advancement in the blockchain space to address these issues, but again, we never know what tradeoffs will have to be made in the future.