The announcement was made by Ronin Network directly on its social networks through a post. The Ronin Network, primarily video game oriented, is an Ethereum sidechain enabling the operation of the famous game Play to Earn Axie Infinity.
“There has been a security breach on the Ronin Network.”
The tweet from Ronin Network is simply chilling. 173,600 ETH as well as 25.5 million USDC were stolen by the hacker who took advantage of the security breach. That’s more than $625 million at the current price.
What is really terrifying, however, is the time it took for the Ronin Network security teams to realize the hack. Indeed, Ronin Network claims to have become aware of the hack of the funds today (March 29) after a user informed the team that his withdrawal of 5,000 ETH was impossible. Only, the hack took place on March 23, almost 6 days earlier!
A user reportedly believed a “rug” from the Axie Infinity team directly before informing one of the founders to blackmail him.
“I’ll leak my proof of your rug to everyone if you don’t give me $10 million”
To which Jihoz, Axie’s co-founder, responded
“You need a psychiatrist buddy.”
The same user then posted screenshots of the transaction of over 170,000 ETH leaving the network in the game’s discord on March 26.
How could this attack happen?
The Ronin network is composed of 9 validator nodes to ensure its decentralization. Similar to a multi-sig, to authorize a deposit or withdrawal, five of the nine nodes must approve the transaction with their signature. The hacker would have managed to take control of 5 validators, 4 of which belong to the official team.
The flaw is actually in the 5th validator node, the one managed by the Axie Infinity DAO.
In November 202, the Axie DAO authorized the signing of various transactions on its behalf. This was stopped in December 2021, but access to the authorization list was not revoked, allowing the hacker to obtain the signatures necessary to authorize his withdrawals.
💥FLASH – 615 millions volés 🥷 sur AXIE INFINITY— MoneyRadar (@MoneyRadar_FR) March 29, 2022
Il y a deux jours, je partageais la liste des plus gros braquages en #cryptomonnaies. Mais…
Il y a quelques heures, des hackers ont réussi le plus gros vol de l’histoire de la crypto. https://t.co/BzNRiJxyyP https://t.co/wzibgXhNY3
What does the future hold for Axie Infinity and Ronin Network?
The consequences of this breach are obviously monstrous for a game like Axie Infinity which was already trying hard to regain its community. The sums are colossal, but it is obviously the reaction time that worries users. It took more than 5 days for a hack of more than half a billion dollars to be noticed.
Ronin Network has announced that it is working with the authorities as well as forensic cryptographers to ensure that investors do not suffer from this hack. The network also claims that the crypto currencies in the ecosystem are already safe, although their prices have unfortunately experienced a sharp decline.
source: Ronin Network newsletter