The maker of Axie Infinity just suffered one of the largest heists in crypto history

(Image credit: Shutterstock / Brazhyk)

Hundreds of millions of dollars in cryptocurrency has been stolen after the Ronin Network, which provides the blockchain "bridge" that powers NFT game Axie Infinity, was compromised.

The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin stolen, totalling $625 million in value. Some commentators have suggested this may be the largest single heist in crypto history.

Announcing the development in a Substack blog post, Ronin Network said the exploit affected validator nodes operated by Sky Mavis, publisher of Axie Infinity.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Cross-chain bridges

Given the blockchain’s transparent nature, the Ronin Network was able to quickly establish that the funds were taken a week ago, on March 23. However, only after a user reported being unable to withdraw 5,000 ether did the team notice the breach.

An investigation revealed the attacker had used hacked private keys to forge fake withdrawals, the organization explained.

Ronin’s security setup includes nine validators, which require five signatures for every transaction. However, the attacker found a “backdoor” through the network’s gas-free RPC node, and abused it to get the signature for the Axie DAO validator.

Whoever is behind the attack created a fresh ETH address to place the funds in. Most of the funds haven’t moved yet, although roughly 6,200 were sent to multiple addresses.

Cross-chain bridges seem to be the weakest security link in the blockchain world. Last month, hackers exploited the Wormhole Bridge for $320 million. The Ronin Bridge has been paused, pending investigation. 

“We are working directly with various government agencies to ensure the criminals get brought to justice,” the blog post states.

Via CoinDesk

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.