NFT Evening NFT Evening
    Facebook Twitter Instagram Reddit
    NFT Evening NFT Evening
    • News
      • Collectibles
      • Crypto Art
      • Blockchain games
      • Metaverse
      • Music
      • Interviews
    • Guides
      • Top NFT Projects
      • Top Blockchain Games
      • NFT Marketplaces and Tools
    • Learn here!
      • What is an NFT?
      • How to keep your NFTs safe
      • NFT Glossary
    • NFT Calendar
      • NFT Drops
      • NFT Conferences
    NFT Evening NFT Evening
    Blockchain games

    Home » News » Ronin Network, Home Of Axie Infinity, Is Robbed Of $600M Via Their Bridge

    Ronin Network, Home Of Axie Infinity, Is Robbed Of $600M Via Their Bridge

    By Ming HooiMarch 30, 2022Updated:March 31, 20224 Mins Read
    Contents hide
    The breach on Ronin Network – how did it happen?
    Future plans for Ronin Network and the whereabouts of stolen funds
    Final thoughts

    In a shocking announcement on Tuesday, Sky Mavis revealed that a hacker has stolen more than $600M from Ronin Network. The stolen funds include 173,600 ETH and 25.5 million USDC. Other tokens such as AXS, RON, and SLP are reported safe. Subsequently, the team has halted transactions on Ronin bridge and Katana Dex for further investigation.

    Ronin network logo.
    Ronin Network has suffered a $625M breach, the biggest hack in the history of cryptocurrency. Credit: Sky Mavis.

    The breach on Ronin Network – how did it happen? 

    Ronin Network is an Ethereum sidechain that Sky Mavis built specifically for the popular blockchain game Axie Infinity. According to Sky Mavis, the attack began on 23 March last week. The culprit managed to use hacked private keys to forge fake withdrawals.

    The first withdrawal went through successfully with a transaction amount of 173,600 ETH. Shortly after, the hacker stole another 25.5 million USDC in the second transaction. The entire breach went unnoticed for a week until yesterday morning when a user reported a failed 5k ETH withdrawal from the bridge.

    Currently, there are 9 validator nodes on the Ronin Network. To recognize a deposit or withdrawal event, 5 out of the 9 validators’ signatures are required. The attacker managed to hack into Sky Mavis’s four validators and a third-party validator run by Axie DAO. But how? According to Sky Mavis, it seems that the attacker has found a backdoor through a gas-free RPC node. The attacker subsequently exploited the gas-free RPC node to get the Axie DAO validator’s signature.

    So why is there a backdoor in the first place? Back in November 2021, Sky Mavis requested Axie DAO to distribute free transactions to users. During that time, Axie DAO allow-listed Sky Mavis to sign various transactions on its behalf. Apparently, the validator stopped distributing free transactions afterward but it didn’t revoke the allow-list access. Hence, this opened up a loophole for the attack.

    Future plans for Ronin Network and the whereabouts of stolen funds 

    In the future, Sky Mavis will increase the number of required nodes to 8 for transactions in Ronin Network. The team will reopen the Ronin bridge once they have ascertained that the bridge is no longer compromised. Additionally, the team is working with law enforcement to recover the stolen funds. But instead of waiting for law enforcement, the crypto community on Twitter has already tracked down the stolen funds.

    According to Twitter user @SlowMist_Team, the hacker converted 25.5 million USDC to ETH and distributed 6250 ETH to various addresses. Of these transfers, 1221 ETH went to FTX and Crypto.com addresses. So, now there is nearly 175k ETH sitting in the hacker’s wallet. Notably speaking, the funds to launch this attack originated from a Binance account. Consequently, Binance confirmed that they are in touch with Sky Mavis to further investigate the attack.

    Crypto community on Twitter helped trace the stolen funds and hacker wallet's origination.
    A map showing how the hacker scattered stolen funds into multiple wallet addresses. Source: @SlowMist_Team.

     

    Wallet Addresses controlled by the hacker.
    A list of wallet addresses linked to the hacker. Source: @SlowMist_Team.

    Final thoughts

    Given that more than half a billion dollars were lost, the Ronin breach appears to be the largest hack ever seen in cryptocurrency history. If the lost funds cannot be retrieved, Ronin users will have a hard time withdrawing their assets back to ETH. In fact, cross-chain bridges are usually vulnerable since they are not immune to 51% attacks.

    The same kind of incident happened earlier this year with a $320 million breach on the Wormhole network. Nevertheless, we hope Sky Mavis can recover the stolen funds quickly so that the value of assets within the Ronin ecosystem remains in sync.

    Join Our New "To The Moon" daily Newsletter

    Get our free, 5 minutes daily newsletter. Join 25,000+ NFT enthusiasts & stay on top 👊🌚

    Thank you!

    You have successfully joined our subscriber list.

    .

     


    All investment/financial opinions expressed by NFTevening.com are not recommendations.

    This article is educational material.

    As always, make your own research prior to making any kind of investment.

    Previous ArticleThere’s A New NFT Scam On The Block: Here’s What We Know
    Next Article Burnt Finance Launches No-Code, No-Transaction Fee NFT Platform
    Ming Hooi

    Ming Hooi is a writer based in Malaysia. She is a fan of GameFi and loves keeping herself updated on the latest developments of crypto, GameFi, NFT, and Web 3.0 in general.

    More great NFT Evening content:

    Axie Infinity Sees Active Users Rise 59%: Is Play-to-Earn Cool Again?

    January 23, 2023

    Neopets Raise $4 Million To Bring The Game Into The Metaverse

    January 20, 2023

    Alien Worlds Opens Up the 2nd Part of its Community Grants Program

    January 18, 2023

    Cometh is Now Available to Play Through the Ledger Live App

    January 17, 2023

    Skyweaver Launches Its Latest Expansion: Hexbound Invasion

    January 16, 2023

    Drone Racing League Drops Trailer for Metaverse Game on Algorand

    January 12, 2023

    Genopets New Update Includes Toys and Food!

    January 9, 2023

    Axie Infinity Launches a Stylish Accessories Update

    January 5, 2023
    Latest NFT News

    Floor Acquires WGMI.io To Help Achieve Its Mission

    January 25, 2023

    PEDIGREE® Enters The Metaverse To Combat Pet Homelessness

    January 25, 2023

    Art Blocks Announces an Official Partnership With Bright Moments

    January 25, 2023

    Ex-Konami Team To Launch an MMORPG On ImmutableX

    January 25, 2023

    Porsche NFT Collection Flops Post Drop, Called a “Cash Grab”

    January 25, 2023

    House of Blueberry Raises $6Million to Bring Fashion into the Metaverse

    January 24, 2023

    Web3 Film Calladita Receives Award and $100k in Post-Production Funds

    January 24, 2023

    Rug Radio Hires a New CEO

    January 24, 2023
    Get The FREE Exclusive Report
    CLICK HERE

    NFTevening is the biggest website for NFT news. We cover; breaking news, upcoming mints, plus, interviews with top NFT artists and projects. Put simply, we are the best place for new and experienced non-fungible token fans — making content fun & accessible

    Privacy policy
    Terms and conditions

    Article Categories
    • Blockchain games
    • Collectibles
    • Crypto Art
    • Guides
    • Interviews
    • Metaverse
    • Music
    • News
    • NFT Marketplaces and Tools
    • Sponsored Content
    • Top Blockchain Games
    • Top NFT Projects
    NFT Calendar
    • Today’s NFT Drops
    • Upcoming NFT Drops
    • Solana NFT Drops
    • NFT Calendar
    • NFT Calendar : Add Your NFT Event
    Get In Touch
    • Advertise (Media Kit)
    • Collaboration and Press Releases
    • Job Opportunities
    • About Us
    • Contact Us
    NFT Beginners Guides
    • How to Sell NFT Art
    • How to Create NFT Art
    • How to Display NFT Art
    • How To Make Passive Income With NFTs
    • Best Crypto Wallet
    • Best NFT Coins
    • Best NFT Rarity Tools
    • What is a DAO ?
    • What Are Crypto Gas Fees ?

    Type above and press Enter to search. Press Esc to cancel.