A hacker has actually taken almost$ 620 million in Ethereum and USDC tokens from Axie Infinity’s Ronin network
bridge, making it perhaps the largest crypto hack in history. Ronin is an Ethereum sidechain created by Sky Mavis to faciliate deals for the Axie Infinity game, with the bridge serving as a method to transfer ERC-20 tokens between the Ethereum and Ronin blockchains.
Today, Sky Mavis disclosed that a threat actor hacked the Ronin bridge and stole 173,600 Ethereum and 25.5 M USDC tokens in two transactions , worth $617 million at today’s rates.
While the Ronin sidechain uses 9 validator nodes to confirm transactions, the threat star was able to gain controler over 5 of the validator signatures required to withdraw cryptocurrency from the bridge.
“Sky Mavis’ Ronin chain currently includes 9 validator nodes. In order to acknowledge a Deposit occasion or a Withdrawal occasion, 5 out of the nine validator signatures are required. The attacker managed to get control over Sky Mavis’s 4 Ronin Validators and a third-party validator run by Axie DAO,” describes an advisory from the Ronin network.
“The validator essential scheme is set up to be decentralized so that it limits an attack vector, similar to this one, however the enemy found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
The attack happened almost a week back, on March 23rd, but Sky Mavis only discovered it today when a user attempted to withdrwaw 5,000 Ethereum from the bridge and was unable to do so.
Most of the taken cryptocurrency still lives in the assaulter’s Ethereum address, though their has been some activity, with the enemy moving ETH to numerous addresses and exchanges.
Assaulter sending ETH to other addresses While Sky Mavis specifies that all AXS, RON, and SLP tokens on Ronin are safe, all of the Ethereum and USDC deposits have actually been stolen by the opponent.
Sky Mavis has actually likewise closed down the Ronin Bridge and the Katana Dex as they investigate the attack.
“We are working with police authorities, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our leading priority right now,” explains Sky Mavis.
This attack is largest crypto hack in history, with the previous largest theft being $611 million taken from Poly Networkin August, 2021.