The company is collaborating with the law enforcement agency to recover 173,600 ETH and 25.5 million USDC (USD Coin) from the attacker.
Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity and Axie DAO has suffered the largest crypto hack against a decentralized finance network reported to date.
Ronin Blockchain Hacked
According to Axie Infinity and Ronin operator Sky Mavis, around $625 million worth of cryptocurrency (173,600 ether) and 25.5 million in USDC were stolen after the network was hacked on Tuesday. The company had to freeze all transactions carried out via the Ronin Bridge that allows withdrawing and depositing funds.
1/4 @Ronin_Network update
Been an intense 36 hours
Been working with the Sky Mavis board and key cybersecurity personnel to get a complete overview of the situation
Our internal network is currently going through a deep forensics review to ensure there is no lingering threat— Psycheout – Aleksander | Axie Infinity (@Psycheout86) March 30, 2022
In a blog post published by Substack, the Ronin network’s official platform, Sky Mavis’ Ronin validator nodes were affected in the breach. The attacker used “private keys” to carry out fake withdrawals from the Ronin Bridge across 2 transactions.
For your information, the Ronin sidechain comprises 9 validators, and for withdrawals, it requires 5 signatures to prevent hack attacks. As per the blog post, the attacker found a backdoor via their gas-free RPC node and abused it to obtain the signature for the Axie DAO validator.
The Katana automated market maker and the Ronin Bridge are currently paused, and an investigation into the attack is still underway.
We are working directly with various government agencies to ensure the criminals get brought to justice.Ronin Network
Where Did The Funds Go?
The blog revealed that the attacker’s Ethereum address is a new address in which ETH was transferred from the Binance exchange around one week ago, while the attack reportedly took place last Wednesday, 23 March 2022. Most of the funds were in the attacker’s address, but approximately 6,250 ETH were transferred to multiple addresses.
Sky Mavis stated that they have collaborated with the law enforcement agency to recover 173,600 ETH and 25.5 million USDC (USD Coin) from the attacker. The transfer was identified nearly one week later when a user tried to withdraw 5,000 ETH via the bridge.
According to CoinGecko, the value of the Ronin network’s native token, RON, is down by 27%. Sky Mavis claims that Axie NFT tokens, the SLP, and AXS in-game cryptocurrencies haven’t been compromised. The company also stated that it would increase the number of nodes to eight and reopen the bridge at a “later date” after ensuring that funds cannot be drained anymore.