In a shocking announcement on Tuesday, Sky Mavis revealed that a hacker has stolen more than $600M from Ronin Network. The stolen funds include 173,600 ETH and 25.5 million USDC. Other tokens such as AXS, RON, and SLP are reported safe. Subsequently, the team has halted transactions on Ronin bridge and Katana Dex for further investigation.
The breach on Ronin Network – how did it happen?
Ronin Network is an Ethereum sidechain that Sky Mavis built specifically for the popular blockchain game Axie Infinity. According to Sky Mavis, the attack began on 23 March last week. The culprit managed to use hacked private keys to forge fake withdrawals.
The first withdrawal went through successfully with a transaction amount of 173,600 ETH. Shortly after, the hacker stole another 25.5 million USDC in the second transaction. The entire breach went unnoticed for a week until yesterday morning when a user reported a failed 5k ETH withdrawal from the bridge.
Currently, there are 9 validator nodes on the Ronin Network. To recognize a deposit or withdrawal event, 5 out of the 9 validators’ signatures are required. The attacker managed to hack into Sky Mavis’s four validators and a third-party validator run by Axie DAO. But how? According to Sky Mavis, it seems that the attacker had found a backdoor through a gas-free RPC node. The attacker subsequently exploited the gas-free RPC node to obtain the Axie DAO validator’s signature, giving them the fifth signature needed to pass the threshold.
So why was there a backdoor in the first place? Back in November 2021, Sky Mavis requested Axie DAO to distribute free transactions to users. During that time, Axie DAO allow-listed Sky Mavis to sign various transactions on its behalf. Apparently, the validator stopped distributing free transactions afterward, but it never revoked the allow-list access. Hence, this stale delegation opened up a loophole for the attack.
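To make the mechanism concrete, here is an added Python model (not Sky Mavis or Ronin code) of a 5-of-9 withdrawal check in which one validator's signing right has been delegated through an allow-list; it shows how a delegation that is never revoked lets four compromised keys reach five signatures, and how an expiry on the delegation or the planned 8-of-9 threshold blocks the same withdrawal. Validator names, keys, timestamps and the withdrawal message are constructed, and HMAC-SHA256 stands in for the real signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass

THRESHOLD = 5       # 5-of-9 threshold described in the article
NEW_THRESHOLD = 8   # threshold Sky Mavis said it will move to

# Constructed validator set: four Sky Mavis nodes, the Axie DAO node, four others.
VALIDATORS = ([f"skymavis-{i}" for i in range(1, 5)] + ["axie-dao"]
              + [f"other-{i}" for i in range(1, 5)])
# Constructed signing keys; HMAC stands in for the validators' real ECDSA keys
# so the example runs with the standard library only.
KEYS = {v: hashlib.sha256(f"secret:{v}".encode()).digest() for v in VALIDATORS}

@dataclass(frozen=True)
class Delegation:
    validator: str   # validator whose signing right is delegated
    delegate: str    # party allow-listed to sign on its behalf
    expires_at: int  # unix time; 0 means "never", i.e. the stale allow-list

def sign(signer: str, withdrawal: str) -> str:
    return hmac.new(KEYS[signer], withdrawal.encode(), hashlib.sha256).hexdigest()

def approve(withdrawal, signatures, delegations, now, threshold=THRESHOLD):
    """signatures: list of (validator_credited, actual_signer, sig).
    Returns (number of distinct validators credited, approved?)."""
    credited = set()
    for claimed, signer, sig in signatures:
        if not hmac.compare_digest(sign(signer, withdrawal), sig):
            continue                  # bad signature, ignore it
        if signer == claimed:
            credited.add(claimed)     # validator signed with its own key
            continue
        for d in delegations:         # otherwise require a live delegation
            if (d.validator == claimed and d.delegate == signer
                    and (d.expires_at == 0 or now <= d.expires_at)):
                credited.add(claimed)
                break
    return len(credited), len(credited) >= threshold

# Constructed scenario: attacker holds the four Sky Mavis keys and uses the
# allow-list to get the Axie DAO validator credited as well.
WITHDRAWAL = "withdraw 173600 ETH to <attacker address placeholder>"
COMPROMISED = [f"skymavis-{i}" for i in range(1, 5)]
NOW = 1_648_000_000
SIGS = [(v, v, sign(v, WITHDRAWAL)) for v in COMPROMISED]
SIGS.append(("axie-dao", "skymavis-1", sign("skymavis-1", WITHDRAWAL)))
STALE = [Delegation("axie-dao", "skymavis-1", expires_at=0)]              # never revoked
EXPIRED = [Delegation("axie-dao", "skymavis-1", expires_at=NOW - 86400)]  # lapsed

if __name__ == "__main__":
    print(approve(WITHDRAWAL, SIGS, STALE, NOW))                 # (5, True)
    print(approve(WITHDRAWAL, SIGS, EXPIRED, NOW))               # (4, False)
    print(approve(WITHDRAWAL, SIGS, STALE, NOW, NEW_THRESHOLD))  # (5, False)
```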
Future plans for Ronin Network and the whereabouts of stolen funds
In the future, Sky Mavis will increase the number of required nodes to 8 for transactions in Ronin Network. The team will reopen the Ronin bridge once they have ascertained that the bridge is no longer compromised. Additionally, the team is working with law enforcement to recover the stolen funds. But instead of waiting for law enforcement, the crypto community on Twitter has already tracked down the stolen funds.
According to Twitter user @SlowMist_Team, the hacker converted 25.5 million USDC to ETH and distributed 6250 ETH to various addresses. Of these transfers, 1221 ETH went to FTX and Crypto.com addresses. So, there is now nearly 175k ETH sitting in the hacker’s wallet. Notably, the funds used to launch this attack originated from a Binance account. Consequently, Binance confirmed that they are in touch with Sky Mavis to further investigate the attack.
Given that more than half a billion dollars were lost, the Ronin breach appears to be the largest hack ever seen in cryptocurrency history. If the lost funds cannot be retrieved, Ronin users will have a hard time withdrawing their assets back to ETH. In fact, cross-chain bridges are usually vulnerable because a bridge secured by a small validator set is not immune to 51% attacks: whoever controls a majority of the validators’ keys controls withdrawals.
The same kind of incident happened earlier this year with a $320 million breach on the Wormhole network. Nevertheless, we hope Sky Mavis can recover the stolen funds quickly so that the value of assets within the Ronin ecosystem remains in sync.