Axie Infinity’s Ronin Network Hacked - $625 Crypto Heist

It is the largest Crypto hack in DeFi history.

An unknown hacker has stolen about $625 million worth of cryptocurrencies from the Ronin blockchain, which is the basis of the popular crypto game Axie Infinity. Operator Ronin and Axie Infinity Sky Mavis on Tuesday exposed a breach and froze transactions on Ronin's cross-chain bridge, which allows deposits and withdrawals from the company's blockchain.

According to the observations of The Block Research researcher Igor Igamberdiev, part of the funds went to the centralized exchanges FTX and

The hacker managed to get hold of 173,600 ETH (currently worth about $600 million) as well as USDC stablecoins (cryptocurrency pegged to the US dollar) with a total value of $25.5 million.

The Ronin on blog post says that the attacker took advantage of the vulnerability on March 23rd. To implement the attack, he managed to gain control over five of the nine validators.

The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO. 

The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through Ronins' gas-free RPC node, which they abused to get the signature for the Axie DAO validator. 

“The Sky Mavis team discovered a security breach on March 29 after reporting that a user was unable to withdraw 5,000 ETH from the bridge,” the developers wrote.

Sky Mavis says that the "axi" NFT tokens that players must buy to access Axie Infinity have not been compromised, nor have the in-game SLP and AXS cryptocurrencies used to fight and breed Pokemon-like cartoon axolotls.

The fate of other users' funds on the Ronin blockchain is in question. Sky Mavis says it is "working with law enforcement officials, forensic cryptographers and investors to ensure that users' funds are not lost", calling it their "top priority".

The Ronin hack appears to be the largest “decentralized finance” network hack to date, following the theft of $322 million from the Wormhole bridge protocol last month. A similar incident happened last year with the Poly Network project. The hacker withdrew $611 million but later returned all the funds.

Read Also
Post a Comment