Date: 2022-03-29

The developers of Axie Infinity announced that there was a security breach in the Ronin Network. Today, March 29, they discovered it after a user reported being unable to withdraw 5k ETH from the bridge.

On March 23, Ronin validator nodes belonging to Sky Mavis and Axie DAO were compromised. This resulted in 173,600 Ethereum and 25.5 million USDC being drained from the Ronin Bridge in two transactions (1 and 2). The attacker used hacked private keys to forge withdrawals.

Sky Mavis's Ronin chain currently consists of 9 validator nodes. To recognize a deposit or withdrawal event, five of the nine validator signatures are needed.

They reported that the attacker managed to control all four Sky Mavis Ronin validators and a third-party validator run by Axie DAO.

The validator key scheme is set up to be decentralized so as to limit this kind of attack vector, but the attacker found a backdoor through the gas-free RPC node, which they used to obtain the signature for the Axie DAO validator.

Why did it happen?

This goes back to November 2021, when Sky Mavis requested help from Axie DAO to distribute free transactions due to a huge user load.

Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked.

Once the attacker gained access to Sky Mavis's systems, they were able to obtain the Axie DAO validator's signature using the gas-free RPC.

We have confirmed that the signature on malicious withdrawals matches all five suspect validators.
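The failure described above (one operator holding four of nine keys plus an unrevoked signing delegation, against a threshold of five) can be checked for mechanically. The following is an added example, not code from Sky Mavis or the Ronin project; the validator names, the four unnamed operators and the exact end date of the delegation are constructed placeholders, and it also evaluates the later threshold of eight.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Validator:
    name: str
    operator: str            # organisation that holds the signing key

@dataclass(frozen=True)
class Delegation:
    validator: str           # validator whose signature can be requested
    grantee: str             # organisation allowed to request it
    needed_until: date       # when the business need for the grant ended
    revoked: bool

def reachable_signatures(operator, validators, delegations):
    """Validator signatures obtainable by an intruder inside `operator`."""
    own = {v.name for v in validators if v.operator == operator}
    via_allowlist = {d.validator for d in delegations
                     if d.grantee == operator and not d.revoked}
    return own | via_allowlist

def audit(validators, delegations, threshold, today):
    """Flag stale delegations and operators that alone meet the threshold."""
    findings = []
    for d in delegations:
        if not d.revoked and d.needed_until < today:
            findings.append(f"stale delegation: {d.grantee} can still sign as {d.validator}")
    for op in sorted({v.operator for v in validators}):
        n = len(reachable_signatures(op, validators, delegations))
        if n >= threshold:
            findings.append(f"single point of failure: {op} reaches {n}/{threshold}")
    return findings

# Constructed model of the 9-validator set described in the article.
VALIDATORS = [Validator(f"sky-mavis-{i}", "Sky Mavis") for i in range(1, 5)]
VALIDATORS.append(Validator("axie-dao-1", "Axie DAO"))
# Placeholder operators: the article does not name the other four.
VALIDATORS += [Validator(f"other-{i}", f"Operator {i}") for i in range(1, 5)]
# Need ended in December 2021 (exact day is a placeholder); never revoked.
DELEGATIONS = [Delegation("axie-dao-1", "Sky Mavis", date(2021, 12, 31), False)]

if __name__ == "__main__":
    for threshold in (5, 8):
        print(threshold, audit(VALIDATORS, DELEGATIONS, threshold, date(2022, 3, 23)))
```

With the delegation revoked, Sky Mavis reaches only four signatures and the threshold of five is no longer met by a single operator.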

What measures did Axie Infinity take?

The developers of Axie Infinity decided to take the following measures:

To avoid further short-term damage, they increased the validator threshold from five to eight. They are in contact with the security teams at major exchanges. They are migrating all nodes to infrastructure that is completely separate from the old one. They temporarily paused the Ronin Bridge to ensure that no further attack vectors are left open.

Binance has disabled its bridge to and from Ronin. The bridge will open at a later date once they are sure funds cannot be drained.

They temporarily disabled Katana DEX due to the inability to arbitrage and deposit more funds on the Ronin Network. They are monitoring the stolen funds with chain analysis.

Where are the funds now?

Axie Infinity reported that most of the stolen funds are still in the attacker's wallet.

This has been a serious blow to the Ronin network, which began the first phase of free transaction reduction today.

Its native RON token dropped from $2.25 to $1.81 in a matter of minutes.

RON – CoinMarketCap.

This article is merely informative and does not constitute a purchase or investment recommendation. We encourage readers to do their due diligence before investing in NFT games or cryptocurrencies as most are highly volatile.

