Hackers pilfer $600m from Ronin Network in massive crypto attack

(Photo by Sean Gallup/Getty Images)

Hackers have stolen almost $600m from a blockchain network connected to the Axie Infinity online game in one of the largest crypto attacks ever.

Ronin Network has confirmed a “security breach” on its network which drained 173,600 Ethereum (£447m) and 25.5m USDC. The attack took place a week ago and was discovered last night with Ronin confirming the hacker had used private keys in order to forge fake withdrawals.

There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022

The Ronin chain currently consists of 9 validator nodes which sign off on transactions, with five signatures required in order to authorise orders. The attacker managed to get control over four Ronin Validators and a third-party validator run by Axie DAO through a backdoor Ronin owner Sky Mavis revealed.

“Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC,” Ronin confirmed in a blog post. The company said it is working with law enforcement officials, forensic cryptographers, and investors to make sure all funds are recovered or reimbursed.

The attack showcases the risks associated with bridge protocols and the decentralized finance (DeFi) sector more generally. Last year $3.2bn worth of crypto was stolen according to Chainalysis with $2.3bn – 72 per cent of the total – taken from DeFi protocols.

In a particularly high profile hack the Poly Network was exploited for $600m, however almost all of the stolen assets were returned.

The chief executive of Binance Changpeng ‘CZ’ Zhao offered his support for Axie Infinity team in a tweet which revealed the world’s largest crypto exchange has been in touch with the company.

Our team is in touch with AxieInfinity team providing assistance in tracking this issue. https://t.co/pNU4wwrCAq — CZ 🔶 Binance (@cz_binance) March 29, 2022

