Ronin Network, the blockchain project behind the popular online game Axie Infinity, suffered a cyberattack. The digital ledger said that on March 23, unidentified cybercriminals walked away with 173,600 ether tokens and 25.5 million USD Coin tokens.
At the time of the attack, the haul was worth around $540 million. But at current exchange rates, the toll rises to more than $620 million. As a result, this could be the largest crypto hack in decentralized finance (DeFi) history.
The incident brought back memories of the 2021 Poly Network cyberattack when hackers cleaned $611 million. However, most funds were returned.
Ronin Network’s Hack May Be the Biggest Yet
Cybercriminals attacked Ronin Network systems and stole over $600 million worth of cryptocurrency. The gaming-focused blockchain, which powers the widely popular Axie Infinity, confirmed the incident in a blog post on its official Substack.
It said that on March 23, unidentified hackers exploited Ronin validators nodes for Sky Mavis and Axie DAO. Then, they used the compromised private keys to forge fake withdrawals from the Ronin bridge in two transactions. That was despite the implemented protocols that protect against such attacks.
There has been a security breach on the Ronin Network… The attacker used hacked private keys in order to forge fake withdrawals.Ronin Network
The blockchain has nine validators that require five signatures for withdrawals. However, the threat actor took control of four validators and found a backdoor through the gas-free RPC node, allowing them to get the final signature for the Axie DAO validator. Ronin also said in the blog post that it discovered the attack after one user couldn’t withdraw 5,000 ETH from the ledger.
Consequently, the hackers stole 173,600 Ethereum and 25.5M USDC (a stablecoin pegged to the US dollar) tokens. The funds equaled about $540 million initially after the heist, but they’re worth more than $620 million at current trading. This could make it the biggest crypto theft ever.
Ronin Not the First DeFi Victim
In recent years, The cryptocurrency world has witnessed a worldwide boom, with tokens skyrocketing in value. Unfortunately, it also made it a valuable target for cybercriminals.
This isn’t the first time a blockchain project has fallen victim to a cyberattack, which in turn led to the loss of millions of dollars. In August 2021, a hacker stole around $610 million from the Poly Network DeFi protocol, though most funds were returned. Meanwhile, in 2018, Tokyo-based Coincheck lost $530 million, whereas Mt. Gox shut down in 2014 after threat actors got their hands on half a billion dollars.
According to Etherscan, the Ronin Network hacker recently created his Ethereum address and transferred ETH in from the Binance exchange last week. The platform’s data indicates the attack took place last week. And although most of the funds remain in the attacker’s account, over 6,000 ETH tokens were transferred to other addresses.
Furthermore, Ronin added in their blog post that they increased the validator threshold to eight and temporarily put the Ronin Bridge on hold to prevent further attacks. They also contacted major exchanges and Chainalysis to monitor the stolen funds.
We are working directly with various government agencies to ensure the criminals get brought to justice.Ronin Network