Ronin Chain was the victim of an exploit this Tuesday that resulted in the multimillion-dollar loss of 173,600 ether (ETH) and more than 25 million USDC, in what the team described as a “security breach” of the Ethereum sidechain that powers games like Axie Infinity.
In a press release and announcements via Twitter, Ronin indicated that on March 23 the Sky Mavis Ronin validator nodes and the Axie DAO validator nodes were compromised, which resulted in the loss of a large sum of money. They had not been aware of the attack until this morning, after a user reported that he was unable to withdraw 5,000 ether using the chain's bridge.
The amount of stolen ethers is equivalent to about USD 591.84 million, according to the CriptoNoticias Price Calculator. That means that the attack resulted in the total theft of more than $625 million.
As they explained, the cryptocurrencies were withdrawn from the Ronin bridge in two transactions. To do so, the attacker used compromised private keys to forge the withdrawals. Most of the stolen funds are still in the attacker’s wallet, as shown on Etherscan.
The company says that it is already working with officials and forensic cryptographers to find out more details about the attack. In addition, it states that investors and other company directors are working so that the funds are recovered or, ultimately, reimbursed to those who were victims of the multimillion-dollar theft.
What happened?
The company explained in detail what happened. Because Sky Mavis’s Ronin is a blockchain with nine validator nodes, at least five signatures are needed to recognize a deposit or withdrawal. That is precisely what the attacker exploited, “who managed to control the four Sky Mavis Ronin validators and a third-party validator run by Axie DAO.”
Although the validator key scheme is set up to be decentralized, which is meant to prevent attack vectors like this one, “the attacker found a backdoor through our gas-free RPC node, which they abused to obtain the signature of the Axie DAO validator,” the company said.
Sky Mavis acknowledges where this originated. In November last year, the company asked Axie DAO for support in distributing free transactions due to the huge number of users on the chain. Axie DAO therefore added Sky Mavis to the allow-list of parties permitted to sign various transactions on its behalf. Although that arrangement was suspended a month later, the allow-list access was not revoked.
As a result, once the attacker gained access to the systems, they easily obtained the signature of the Axie DAO validator through the node. Ronin highlights that the signature on the malicious withdrawals “matches all five suspected validators.”
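The quorum arithmetic described above can be checked mechanically. The following is an added example, not code from Sky Mavis or from the original report: it counts how many operators must be compromised to reach a signing threshold once allow-list grants are counted as effective control, using the 5-of-9 setup and the threshold of eight that the article reports. The validator names, the four placeholder operators (assumed independent) and the `in_use` field are assumptions made for illustration.

```python
from itertools import combinations

# Constructed model of the set the article describes: nine validators, four run
# by Sky Mavis and one by Axie DAO. The other four operators are not named on
# the page; "Operator A".."Operator D" are placeholders (assumed independent).
VALIDATORS = {
    "sm-1": "Sky Mavis", "sm-2": "Sky Mavis", "sm-3": "Sky Mavis", "sm-4": "Sky Mavis",
    "axie-dao-1": "Axie DAO",
    "val-a": "Operator A", "val-b": "Operator B",
    "val-c": "Operator C", "val-d": "Operator D",
}

# Allow-list grants: the grantee can obtain the validator's signature.
# in_use=False models an arrangement that ended without the entry being revoked.
GRANTS = [{"validator": "axie-dao-1", "grantee": "Sky Mavis", "in_use": False}]


def reach(validators, grants):
    """Operator -> set of validators whose signature that operator can obtain."""
    out = {}
    for validator, operator in validators.items():
        out.setdefault(operator, set()).add(validator)
    for g in grants:
        out.setdefault(g["grantee"], set()).add(g["validator"])
    return out


def min_operators_for_quorum(validators, grants, threshold):
    """Fewest operators whose compromise yields `threshold` signatures.

    Returns (count, operators), or None if the threshold cannot be reached.
    """
    r = reach(validators, grants)
    for k in range(1, len(r) + 1):
        for combo in combinations(sorted(r), k):
            if len(set().union(*(r[op] for op in combo))) >= threshold:
                return k, combo
    return None


def stale_grants(grants):
    """Grants still on the allow-list although no longer in use."""
    return [g for g in grants if not g["in_use"]]


if __name__ == "__main__":
    for threshold in (5, 8):  # original threshold and the raised one
        for label, grants in (("stale grant present", GRANTS), ("grant revoked", [])):
            print(threshold, label, min_operators_for_quorum(VALIDATORS, grants, threshold))
    print("revoke:", stale_grants(GRANTS))
```

With the unrevoked grant counted, a single operator reaches the five-signature quorum; revoking it or raising the threshold increases the number of independent compromises required.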
What now?
Now that the enormous loss has been reported and what happened has been detected, Ronin is apparently taking action, first of all to protect itself from future attacks. For example, it increased the validator threshold from five to eight.
They are also talking to major exchanges and migrating nodes, which are already separated from the old infrastructure. In that sense, the Ronin bridge was stopped so that there are no more active attack vectors, and Binance disabled the bridge to and from Ronin. It will reopen, but only in several days.
Sky Mavis highlights that all AXS, RON and SLP tokens, which also have a presence on Ronin, “are safe at this time.”
A hack of similar size
What was reported today recalls the case of Poly Network, a DeFi protocol that allows operation across several blockchains, which was also hacked in August 2021, as reported by CriptoNoticias.
At that time, hackers made off with at least $600 million in cryptocurrencies and tokens, which was a great blow to the world of decentralized finance.
Now that there has been an attack of similar size, it is clear that Ronin, like any chain, is not immune to hackers and, therefore, they say that they will prioritize security.
Even so, Ronin understands the loss of user confidence as a result of this incident. That is why they will use “all resources” to implement “the most sophisticated security measures and processes” in order to recover it.
At CriptoNoticias we will be attentive to the development of events and we will update with details as soon as we have them.