Ronin Validators Breached, More than $600M Stolen
Five validators of the Ronin Network, home to the popular play-to-earn game Axie Infinity, were breached on March 23 allowing a hacker to remove 173,600 ETH and $25.5M USDC from the Ronin bridge.
The Ronin team was alerted to the exploit on March 29, when a bridge user was unable to complete a withdrawal of 5,000 ETH.
There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
The team released a statement around 11:00 a.m. ET to address the issue, which is the latest in attacks on bridging technology which allows users to move digital assets between blockchains.
The Ronin Network currently uses nine validator nodes to help verify and validate transactions that take place on the blockchain.
According to the team's release, in order for a deposit or withdrawal event to be recognized on the Ronin Network, five out of the nine validator signatures are required.
In this case, the hacker obtained control over four validators from Sky Mavis (the team behind Ronin) and the Axie DAO validator as well.
With five validators at their disposal, the hacker was then able to maliciously sign and validate a withdrawal event.
The transactions in question as pointed out by the Ronin team can be found here and here.
The exploited funds still largely sit in the hacker's wallet, which can be viewed here - already labeled as the Ronin Bridge Exploiter via Etherscan.
At present time, AXS, SLP, and RON - three relevant tokens for the Axie Infinity game are all safe from exploit, but have fallen on the news, with RON the native token of Ronin, down more than 20 percent.
Next Steps From Ronin
To prevent future attacks the Ronin team now requires eight of nine validator signatures in order to complete a deposit or withdrawal event, making it more difficult for a bad actor to gain control. Additionally the Ronin bridge and the Katana DEX have both been paused to avoid any further consequences for users.
The Ronin team will work with blockchain analysis firm, Chainalysis, to monitor the stolen funds and is in contact with the security teams of notable exchanges as well.
From the press release, "We are working directly with various government agencies to ensure the criminals get brought to justice. The team also aims to work with governments and law enforcement officials to ensure there is no loss of user funds."
Meanwhile, CEO Sam Bankman-Fried of FTX (where the hacker transferred a substantial amount of the stolen funds) said in a Twitter post that his company was "investigating and taking action if/where appropriate."