Blog maker

The Creator of Axie Infinity Just Suffered One of the Biggest Heists in Crypto History

Hundreds of millions of dollars in cryptocurrency were stolen after the Ronin network, which provides the blockchain “bridge” that powers the NFT game Axie Infinity, was compromised.

The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD coins stolen, with a total value of $625 million. Some commentators have suggested that this might be the the biggest robbery (opens in a new tab) in the history of cryptography.

Announce development in a Substack blog post (opens in a new tab)Ronin Network said the exploit affected validator nodes operated by Sky Mavis, publisher of Axie Infinity.

Cross bridges

Given the transparent nature of the blockchain, the Ronin network was able to quickly establish that the funds were taken a week ago, on March 23. However, it wasn’t until a user reported that they couldn’t withdraw 5,000 Ether that the team noticed the breach.

An investigation revealed that the attacker used hacked private keys (opens in a new tab) to forge fake withdrawals, the organization explained.

Ronin’s security configuration includes nine validators, which require five signatures for each transaction. However, the attacker found a “backdoor” through the network’s gasless RPC node and abused it to obtain the signature. (opens in a new tab) for the Axie DAO validator.

Whoever is behind the attack has created a new ETH address to place the funds into. Most of the funds have not yet been transferred, although around 6,200 have been sent to several addresses.

Cross-chain bridges seem to be the weakest security link in the blockchain world. Last month, hackers exploited the Wormhole Bridge for $320 million. The Ronin Bridge has been put on hold, pending an investigation.

“We work directly with various government agencies to ensure criminals are brought to justice,” the blog states.

Going through CoinDesk (opens in a new tab)