Axie Infinity’s Ronin Network Exploited for $625 Million

Daniel Attoe
Daniel Attoe

Updated · Mar 30, 2022

SHARE:

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

The security breach may be the largest ever in decentralized finance (DeFi) history.

Ronin Exploited

Ronin, the bridge that supports the crypto game Axie Infinity, has suffered one of the biggest blockchain security breaches ever. The network announced the hack on Twitter on Tuesday. 

It said the people behind it made off with 173,600 Ethereum and 25.5 million USDC, a stable coin pegged to the US dollar. The stolen cryptocurrency assets amount to about $625 million.

The hackers involved breached the Ronin network by using compromised private keys to forge withdrawals. The incident took place on March 23rd. However, it was not discovered until six days later when a user found they could not withdraw their Ethereum. 

The team behind the bridge has reacted by “pausing the bridge” and notifying law enforcement.

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed,” the platform said in a blog post. 

After the disclosure, the price of RON, the network’s token, dropped by over 20%.

How it Happened

In its blog post, Ronin’s team unveiled details of the attack.

“Sky Mavis’ Ronin chain currently consists of 9 validator nodes,” the statement revealed. “In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.”

The hacker then exploited a backdoor through the network’s RPC node to get the signature for the Axie DAO validator. That signature helped it to make the illegal withdrawals.

The Largest DeFi Hack Ever?

Last month, Wormhole, another blockchain bridge, suffered a security breach leading to the loss of $324 million in wrapped Ethereum. As big as that sounds, that was not the largest crypto heist before Ronin’s hack. 

In August 2021, a hacker broke into a smart contract on cross-chain crypto swap provider, Poly Network, and stole over $610 million in assets. Fortunately, the self-dubbed Mr. Whitehat only wanted to demonstrate the vulnerability of DeFi platforms. Subsequently, they returned the stolen assets.

SHARE:

Daniel Attoe

Daniel Attoe

Daniel is an Economics grad who fell in love with tech. His love for books and reading pushed him into picking up the pen - and keyboard. Also a data analyst, he's taking that leap into data science and machine learning. When not writing or studying, chances are that you'll catch him watching football or face-deep in an epic fantasy novel.

Leave your comment

Your email address will not be published.