- As per official Twitter channel for Ronin network and official Discord of Axie Infinity, they received damage of $612 Million by hackers.
- Attacker utilized private keys to make fraudulent withdrawals, taking the fund out of Ronin wallet in just a couple of transactions.
- At the time of writing, Ronin’s indigenous token RON was down by 20.24% in previous 24 hours, and trading at a market value of $1.80.
Hacker Targets Ronin
Ronin bridge got compromised for more than $600 Million by the attacker. Ronin team says that, they are constantly making contact with teams at prime exchanges, and will reach out to everyone soon.
As per Discord channel of Axie Infinity and official Twitter of Ronin, alongside Substack page, Katana Dex and Ronin Bridge operations were stopped after inflicting a damage of 25.5 Million USDC and 173,600 Ethereum, which were worth over $6000 Million.
Its devs stated that, at this moment, they are working with law enforcement authorities, their investors, and forensic cryptographers to get the funds back. As of now, all SLP, AXS, and RON tokens are secured.
Just a Couple Of Transfers Involved In Attack
According to Ronin devs, hacker utilized hacked private keys for forging fake withdrawals, leaking the funds from Ronin Bridge in just a couple of transactions.
More importantly, the hack was conducted on 23 March but was identified on Tuesday after a user purportedly unveiled issues after a failed withdrawal of 5,000 ETH via Ronin Bridge.
Ronin chain by Sky Mavis comprises of 9 validator nodes, of which a minimum of 5 signatures are required for withdrawal or deposit. Hacker gained command over 5 private keys, comprising of 4 Sky Mavis’s Ronin validators and a 3rd party validator managed by Axie DAO.
Previous November, when Sky Mavis, Ronin ecosystem, and Axie Infinity developer, asked for assistance from Axie DAO whitelisted Sky Mavis to sign several transactions on its behalf, and the approach halted in December. However, accessibility to whitelist was not rescinded.
As soon as hacker got accessibility to Sky Mavis network, they obtained a final signature from Axie DAO verifier, thereby finishing node threshold needed for illegitimate siphoning of funds from Ronin. As of this writing, majority of hacked amount was still persisting in attacker’s wallet.
As this article was being written, RON, native cryptocurrency of Ronin, was trading at a market value of $1.80, down by 20.24% in previous 24 hours.
Security is a major concern faced by all blockchains, and developers must constantly work on security to make system robust. It is impossible to avoid a security breach, as hackers are always looking for one loophole, and as soon as they find it, you are busted.
One thing devs can do is to think like those hackers, look for the loophole before attackers do, and fill that gap so that there is no chance for a hacker to compromise the security.
Source: https://www.thecoinrepublic.com/2022/03/30/hackers-snatch-600-million-from-axie-infinitys-ronin-bridge/