Ronin Validators hacked, costing Axie Infinity $620 million

Reports say there was an attack on the Ronin network of Axie Infinity. A hacker siphoned 173,600 Ethereum and 25.5 million USD Coin (USDC), according to Sky Mavis, the developer of the blockchain NFT game Axie Infinity. The attacker amassed approximately $620 million in cryptocurrency holdings. As a result, the company halted the Ronin bridge and Katana Dex.

Axie Infinity is the world’s largest NFT blockchain game. The hack amounts to $620 million.

The Ronin network validators were compromised on Tuesday. This resulted in an attack on the largest non-fungible token (NFT) blockchain game, Axie Infinity. Sky Mavis, the firm behind the Axie Infinity project, revealed it on March 23.


It took two transactions (transaction 1 and transaction 2) to drain the funds. Sky Mavis only found out about it when someone complained that they were unable to withdraw the requested amount of 5,000 ether from the Ronin bridge.

According to Sky Mavis’ post-mortem statement, “The attacker utilized compromised private keys in order to create false withdrawals.” The company is working with law enforcement agencies, forensic cryptographers, and its investors to ensure the retrieval and reimbursement of any funds. All of the AXS, RON, and SLP on Ronin are safe for the time being.

The team went on to clarify that the project uses nine validator nodes to run Ronin. A deposit or withdrawal requires signatures from five of the nine validator nodes.

Sky Mavis said in a statement that the attacker was able to gain control over four of the company’s Ronin Validators as well as a third-party validator operated by Axie DAO.

Sky Mavis

“The validator key scheme is designed to be decentralized in order to minimize an attack vector, such as this one. However, the attacker discovered a backdoor through our gas-free RPC node. They exploited it in order to obtain the signature for the Axie DAO validator.”

It gets worse: Sky Mavis states that the attacker was able to get away with it because of a change made back in November 2021. They abandoned the “Axie DAO allowlisted” technique the following month.

However, according to the company, “allowlist access was not removed.” Once the attacker had access to Sky Mavis systems, they were able to obtain the signature from the Axie DAO validator by using the gas-free RPC. Sky Mavis’s post-mortem was extended to include the following:

“In our investigation, we discovered that the signatures in the malicious withdrawals correspond to the signatures of the five accused validators.”
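The failure described above, a five-signature threshold that became reachable from one organisation's systems because a delegation outlived its purpose, can be caught with an inventory audit. The following is an added example, not Sky Mavis code: the validator ids, the four "Operator" names, the days of the month and the audit date are constructed, while the 5-of-9 threshold, the 4 + 1 split and the November/December 2021 timing follow the article.

```python
from datetime import date

THRESHOLD = 5  # signatures required out of nine validators, as the article states

# Constructed inventory: ids and the four "Operator" names are placeholders.
VALIDATORS = {
    "sm-1": "Sky Mavis", "sm-2": "Sky Mavis", "sm-3": "Sky Mavis", "sm-4": "Sky Mavis",
    "dao-1": "Axie DAO",
    "op-a": "Operator A", "op-b": "Operator B", "op-c": "Operator C", "op-d": "Operator D",
}
# A delegation lets the grantee request signatures from another party's validator.
# Days of the month are constructed; the article gives only the months.
DELEGATIONS = [
    {"validator": "dao-1", "grantee": "Sky Mavis",
     "granted": date(2021, 11, 1), "planned_end": date(2021, 12, 1), "revoked": False},
]


def reachable_signers(validators, delegations):
    """Map each party to the validators whose signatures it can obtain."""
    reach = {}
    for vid, operator in validators.items():
        reach.setdefault(operator, set()).add(vid)
    for d in delegations:
        if not d["revoked"]:  # an unrevoked grant still counts, whatever the plan was
            reach.setdefault(d["grantee"], set()).add(d["validator"])
    return reach


def stale_delegations(delegations, as_of):
    """Delegations past their planned end date that were never revoked."""
    return [d for d in delegations if not d["revoked"] and d["planned_end"] < as_of]


def audit(validators, delegations, threshold, as_of):
    """Report parties whose compromise alone meets the threshold, plus stale grants."""
    reach = reachable_signers(validators, delegations)
    # margin = further keys an intruder would need after compromising that party
    margin = {party: threshold - len(vids) for party, vids in reach.items()}
    critical = sorted(p for p, m in margin.items() if m <= 0)
    return {"critical": critical, "margin": margin,
            "stale": stale_delegations(delegations, as_of)}


if __name__ == "__main__":
    report = audit(VALIDATORS, DELEGATIONS, THRESHOLD, as_of=date(2022, 3, 1))
    print("single-party compromise reaches threshold:", report["critical"])
    print("keys still needed per party:", report["margin"])
    print("stale delegations:", [d["validator"] for d in report["stale"]])
```

Marking the delegation as revoked and re-running the audit leaves Sky Mavis one key short of the threshold, which is the margin the nine-validator design was meant to provide.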

The attack against Ronin was the year’s largest hack on a crypto protocol. It surpassed the attack on the Wormhole bridge, which resulted in a $320 million loss. However, Jump Crypto replenished the funds. Sky Mavis is collaborating with law enforcement to “guarantee the culprits are apprehended.”

Additionally, the team is in the process of consulting with stakeholders and determining how to compensate users. “Sky Mavis is here to stay and will continue to grow,” the team concludes in its post-mortem.
