How to protect your Ronin wallet, your axies and your Axie Infinity account.
And it seems that so many guides have already been written, warnings have been sent out. In chat rooms, the pins are bursting under the weight of the security posts when using the Ronin Wallet. But all the same, the stream of cases of “account hijacking”, fraud, and, consequently, loss of funds continues.
Therefore, it was decided to write about it again. Special thanks for the translation and adaptation of @Aleksey_Azanov.
How can you defend yourself?
It's important to know the basic precautions to keep your accounts - and most of all, your Axis secure. Hack incidents are reported daily, and proper account security training is the most basic way to prevent them.
In Axie Infinity, the player can only play if he has bought at least 3 Axis, which is a prerequisite for gaining access to various game modes and features. Before a player can make a purchase on the market, they must first create a Ronin wallet.
Ronin Wallet is a second tier sidechain wallet. Ronin can only be downloaded as a Chrome extension! It was created specifically to ensure that every transaction in the Axie Infinity game is not subject to the gas charged by the Ethereum blockchain.
According to those hacked, their Axis are “donated” from the Ronin wallet and then transferred to the hacker's Ronin wallet before being sold directly on the market. Due to the high demand for Axi, they can be instantly bought by a buyer in the market who did not even know that a hacker sold them.
Based on the design and architecture of the game account, before a player can donate an Axi, he will first request permission on the Ronin wallet associated with the account.
Basically, the only way a hacker can hack into someone's account is through a hacked or fake Ronin wallet.
Hacking schemes
Phishing attack
Phishing attacks are one of the most common types of schemes that hackers use to hijack someone else's account.
Hackers create a fake site and pay for ads on Yandex and Google so that people can see the fake site at the top of the search results. Such phishing links are marked with a gray "advertisement" text:
The correct Ronin Chrome extension can be found on the Sky Mavis official website: https://skymavis.com/products.
There are fake accounts that ask for your start phrase. Once you give a hacker your phrase, he can take over your account and steal your Axis and other tokens that you have.
Other variations include "contests" that promise airdrops, etc. in exchange for the player's secret phrase.
Social Engineering
All possible hacks begin with the fact that the hacker learns the victim's secret phrase, therefore it is very important that it is reliably protected.
How to protect your Axie account
- Keep your passphrase safe at all costs
It goes without saying. A hacker can access your account only when he learns your passphrase. Never store this phrase on the Internet and on your smartphone (in photos, notes)! Write it down in a notebook, keeping several offline copies. Never share it with anyone. You can save it to a USB flash drive, where only the seed phrase and private key will be stored, but be sure to have a printed copy. For even greater security, the paper carrier can be placed in a metal flask in case of fire and stored in a safe place.
- Invest in a hardware wallet
Hardware wallets are a type of cryptocurrency wallet where you can store assets on a secure physical device. It can also act as a device to sign transactions, and any transaction you make through this account will ask for permission on the device and must first be accepted on the hardware wallet before it can go through.
As of this writing, the Axie Infinity Ronin wallet is only compatible with hardware wallets Trezor... (Issue price from ~ $ 100. Agree, a small fee for the safety of your Axis)
In order to avoid buying a compromised wallet, it is important to buy in trusted places, not from hands, to monitor the integrity of the packaging and seals.
Record the moment of unpacking on video.
- Always check the site for the “https: //” mark.
Hypertext Transfer Protocol Secure (HTTPS) is one of the basic verification tools on every site. We can also compare it to the social media profile verification flag, which indicates that the profile is a verified public figure or brand.
- Invest in your knowledge
Cryptocurrency is very risky and the lack of correct knowledge about it will cost you not only money but also time. Invest your time to learn more about how cryptocurrency works.
- Buy only on the Axie Infinity Marketplace
Naturally, the best and only place to make deals and buy Axi is the Axie Infinity Marketplace. We recommend that you add it to your bookmarks and go to the site only through bookmarks: https://marketplace.axieinfinity.com.
- Use licensed software and antivirus
Hacked software can carry Trojans that will steal your assets. Do not download torrents or anything else on your workstation where keys can be stored, wallets installed, and so on. And also carefully check the address after you have copied and pasted it into the recipient's addressee field. There are times when the address can change.
And something else from Sky Mavis.
Join the discussion in our Telegram chats:
RU - @CryptoGamingPool
EN - @CryptoGamingPool_EN