Hundreds of millions of dollars in cryptocurrency has been stolen after the Ronin Network, which provides the blockchain "bridge" that powers NFT game Axie Infinity, was compromised.
The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin stolen, totalling $625 million in value. Some commentators have suggested this may be the largest single heist in crypto history.
Announcing the development in a Substack blog post, Ronin Network said the exploit affected validator nodes operated by Sky Mavis, publisher of Axie Infinity.
Cross-chain bridges
Given the blockchain’s transparent nature, the Ronin Network was able to quickly establish that the funds were taken a week ago, on March 23. However, only after a user reported being unable to withdraw 5,000 ether did the team notice the breach.
An investigation revealed the attacker had used hacked private keys to forge fake withdrawals, the organization explained.
Ronin’s security setup includes nine validators, which require five signatures for every transaction. However, the attacker found a “backdoor” through the network’s gas-free RPC node, and abused it to get the signature for the Axie DAO validator.
Whoever is behind the attack created a fresh ETH address to place the funds in. Most of the funds haven’t moved yet, although roughly 6,200 were sent to multiple addresses.
Cross-chain bridges seem to be the weakest security link in the blockchain world. Last month, hackers exploited the Wormhole Bridge for $320 million. The Ronin Bridge has been paused, pending investigation.
“We are working directly with various government agencies to ensure the criminals get brought to justice,” the blog post states.
- Check out our list of the best password managers right now
Via CoinDesk