The developers of the Ronin Network sidechain involved in the game Axie Infinity reported a hacker attack during which the attackers managed to crack the private keys and steal 173,600 ETH and 25.5 million USDC.
According to a Ronin Network publication, the Ronin Sky Mavis and Axie DAO validator nodes were compromised on March 23rd. The Ronin Sky Mavis network currently consists of 9 validator nodes. Five out of nine validator signatures are required to make a deposit or withdrawal to limit the attack vector.
The attacker managed to gain control over four Ronin Sky Mavis validators. He found the backdoor through an RPC node, getting the signature of a third-party Axie DAO validator. Thus, the hacker took possession of the five private keys of the validators.
Ronin Network explained that in November Axie DAO whitelisted Sky Mavis to sign various transactions on its behalf. This stopped in December 2021, but whitelist access remains.
As a result, in just two transactions, the hacker withdrew 173,600 ETH and 25.5 million USDC, the total value of which is about $625 million. This was the largest hack in the history of the decentralized finance (DeFi) industry. The attack was discovered only on March 29, when the user reported that he could not withdraw 5,000 ETH from the “bridge”.
The developers are cooperating with law enforcement and crypto experts to return funds to affected investors. Chainalysis, an analytical company, joined the process to track the stolen crypto assets. All AXS, RON and SLP on Ronin are safe.
The project team is taking steps to protect against further attacks by increasing the number of validators from five to eight. Over time, their number will increase. Nodes are also being migrated to completely separate them from the old infrastructure. Developers interact on this issue with major cryptocurrency exchanges.
The Ronin Bridge has been suspended and the Binance Marketplace has also shut down its bridge to Ronin. It will be opened as soon as experts are convinced of the safety of the funds. The Katana DEX exchange has also been temporarily suspended to prevent arbitrage and depositing funds on the Ronin Network.
Recall that in August 2021 there was a hack of the DeFi project Poly Network for $611 million, with which the recent hack can be compared in scale. Later, the hacker began to return funds stolen from Poly Network.