Hundreds of millions of dollars in cryptocurrency has been stolen after the Ronin Network, which provides the blockchain "bridge" that powers NFT game Axie Infinity, was compromised.
The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin stolen, totalling $625 million in value. Some commentators have suggested this may be the largest single heist (opens in new tab) in crypto history.
Announcing the development in a Substack blog post (opens in new tab), Ronin Network said the exploit affected validator nodes operated by Sky Mavis, publisher of Axie Infinity.
Cross-chain bridges
Given the blockchain’s transparent nature, the Ronin Network was able to quickly establish that the funds were taken a week ago, on March 23. However, only after a user reported being unable to withdraw 5,000 ether did the team notice the breach.
An investigation revealed the attacker had used hacked private keys (opens in new tab) to forge fake withdrawals, the organization explained.
Ronin’s security setup includes nine validators, which require five signatures for every transaction. However, the attacker found a “backdoor” through the network’s gas-free RPC node, and abused it to get the signature (opens in new tab) for the Axie DAO validator.
> Cryptocurrency platform Wormhole hit in $320 million hack (opens in new tab)
> Hundreds of Crypto.com accounts hacked after it was hit by major data breach (opens in new tab)
> 2FA compromise led to Crypto.com hack (opens in new tab)
Whoever is behind the attack created a fresh ETH address to place the funds in. Most of the funds haven’t moved yet, although roughly 6,200 were sent to multiple addresses.
Cross-chain bridges seem to be the weakest security link in the blockchain world. Last month, hackers exploited the Wormhole Bridge for $320 million. The Ronin Bridge has been paused, pending investigation.
“We are working directly with various government agencies to ensure the criminals get brought to justice,” the blog post states.
- Check out our list of the best password managers (opens in new tab)right now
Via CoinDesk (opens in new tab)