Ronin, the Ethereum sidechain specifically designed for popular NFT game Axie Infinity, has been the victim of a major hack, draining approximately US$625 million worth of WETH and USDC from its bridge.
Attack Started One Week Ago
Sky Mavis – the studio behind Axie Infinity – said the attack started on March 23, almost a week before being noticed yesterday, when a user was unable to withdraw 5k ETH from the bridge. The company is now reportedly in talks with several government agencies to identify the exploiter.
The attack occurred after four Ronin validators and one Axie DAO third-party validator were compromised:
Sky Mavis’s Ronin chain currently consists of nine validator nodes. In order to recognise a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO.
Ronin Network statement
The attacker drained US$25 million USDC and 173.600 ETH (nearly US$600 million) from the bridge that connects Ronin with the Ethereum mainnet by using “hacked private keys” to execute the exploit. In doing so, they were able to forge two fake withdrawals (transactions 1 and 2) and steal the funds.
Biggest Hack in Crypto History by Now
This is now the largest hack in crypto history, narrowly exceeding last year’s US$600 million Poly Network hack, but still significantly larger than the US$326 million Solana wormhole hack earlier this year.
Sky Mavis is said to be working with Chainalysis to monitor the stolen funds, most of which are still in the hacker’s wallet. Additionally, the company stated that it would migrate its entire node infrastructure, so it might take a while for things to get up and start running again. Also, as a result of the attack, both Ronin and Katana DEX are temporarily halted to avoid further attack vectors.
Jeff Zirlin, co-founder of Sky Mavis, described the hack as “one of the biggest in history” at the recent NFT LA conference:
Disclaimer:
The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.
Credit: Source link