Jump to content
  • $620 million in crypto stolen from Axie Infinity's Ronin bridge

    Karlston

    • 549 views
    • 3 minutes
     Share


    • 549 views
    • 3 minutes

    A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history.

     

    Ronin is an Ethereum sidechain created by Sky Mavis to faciliate transactions for the Axie Infinity game, with the bridge acting as a way to transfer ERC-20 tokens between the Ethereum and Ronin blockchains.

     

    Today, Sky Mavis disclosed that a threat actor hacked the Ronin bridge and stole 173,600 Ethereum and 25.5M USDC tokens in two transactions [1 and 2], worth $617 million at today's prices.

     

    While the Ronin sidechain uses 9 validator nodes to confirm transactions, the threat actor was able to gain controler over five of the validator signatures needed to withdraw cryptocurrency from the bridge.

     

    "Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO," explains an advisory from the Ronin network.

     

    "The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator."

     

    The attack occurred almost a week ago, on March 23rd, but Sky Mavis only learned about it today when a user tried to withdrwaw 5,000 Ethereum from the bridge and was unable to do so.

     

    Most of the stolen cryptocurrency still resides in the attacker's Ethereum address, though their has been some activity, with the attacker transfering ETH to various addresses and exchanges.

     

    ronin-explotier-transactions.jpg

    Attacker sending ETH to other addresses

     

    While Sky Mavis states that all AXS, RON, and SLP tokens on Ronin are secure, all of the Ethereum and USDC deposits have been stolen by the attacker.

     

    Sky Mavis has also shut down the Ronin Bridge and the Katana Dex as they investigate the attack.

     

    "We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now," explains Sky Mavis.

     

    This attack is largest crypto hack in history, with the previous largest theft being $611 million stolen from Poly Network in August, 2021.

     

     

    $620 million in crypto stolen from Axie Infinity's Ronin bridge


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...