The Ronin Network, the blockchain network behind the popular Axie Infinity game, had $625 million worth of Ether and USDC stolen by hackers.
The heist, which is thought to be one of the largest crypto hacks ever, occurred on March 23rd but wasn’t discovered by Ronin until six days later when a user reported being unable to withdraw their ETH from the network.
Ronin issued an official statement on March 29th detailing how the attack occurred and what steps they are taking to try to get the stolen funds back.
How did the hack happen?
The heist happened when hackers gained control over a majority of Ronin’s validators. They did this by stealing private keys and using them to forge the approval needed to withdraw the stolen funds.
The Ronin Network’s system was designed so five out of nine validators were needed to sign off on all transactions
After hacking the private keys, the hackers were able to take over four validators from the Ronin Network. They gained control over a fifth from a third-party validator run by the Axie decentralized autonomous organization (DAO).
According to Ronin’s statement, the hackers discovered a flaw in the validator system that allowed them to commit the attack.
“The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator,” the Ronin Network said.
The hack resulted in the loss of 173,600 Ether tokens and $25.5 million worth of USDC. At the time of the attack, the funds stolen were worth $540 million in total, making it the second-largest crypto attack of all time, according to analysis from fintech company Elliptic.
But in the week since, the price of the stolen crypto rose to $625 million, potentially making it first on the list of the biggest crypto hacks.
What is Ronin doing to get the funds back?
The Ronin Network is taking several steps in response to the hack, including changing its validator protocol. It will now be necessary for eight out of nine validators to approve transactions on the network.
In addition, the network is reaching out to major exchanges regarding the stolen funds. The Ronin Network also stated they are working with government agencies, law enforcement officials, and forensic cryptographers to bring the thieves to justice.
The network also decided to temporarily shut down a couple of its platforms to keep users safe until more is known about how the hack happened.
“We have temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin to err on the side of caution,” Ronin said in their statement.
They have also closed their Katana decentralized exchange (DEX) platform for the time being.
Who is the Ronin Network?
The Ronin Network is a type of blockchain platform known as a sidechain. It was created by Sky Mavis, the company behind both Ronin and Axie Infinity.
Sky Mavis built the Ronin Network specifically as a blockchain gaming platform to make the Axie Infinity game cheaper and faster for players.
The Ronin Network is a sidechain to the Ethereum network, but it operates completely independently. Ronin officially launched in February of 2021. By November of that year, $5 million worth of assets were deposited on the platform.
How will this impact the future of Ronin?
After the attack, the price of the RON token used to power the network fell 22.5%, according to CoinMarketCap.
Ronin is conducting a full investigation into how the hackers managed to steal the funds. In the meantime, they have blocked all users from making deposits or withdrawals on the network.
“We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks,” the Ronin Network said.
They also added that Sky Mavis is committed to either recovering or reimbursing all the stolen crypto.
About the Author
Michael Hearne
About Decentral Publishing
Decentral Publishing is dedicated to producing content through our blog, eBooks, and docu-series to help our readers deepen their knowledge of cryptocurrency and related topics. Do you have a fresh perspective or any other topics worth discussing? Keep the conversation going with us online at: Facebook, Twitter, Instagram, and LinkedIn.
