In brief

  • Ronin, the Ethereum sidechain for NFT game Axie Infinity, has been hit with a sizable exploit.
  • All told, some $622 million worth of Ethereum and USDC were drained from the bridge that connects Ronin to Ethereum’s mainnet.

Ronin, an Ethereum sidechain developed for the hit NFT game Axie Infinity, has been targeted in a hack that saw an estimated $625 million worth of cryptocurrency drained from its bridge.

Developer Sky Mavis announced the news today, writing that the exploit took place on March 23 but only discovered earlier today. The attacker used “hacked private keys” to execute the exploit, per the team’s report, and thus was able to forge transactions to claim the funds.

All told, the attacker took 173,600 WETH or Wrapped Ethereum (nearly $597 million) and 25.5 million USDC stablecoin ($25.5 million), adding up to about $622 million worth of crypto funds as of this writing. Most of the stolen funds are still sitting in the hacker’s wallet.

According to the report, the attacker was able to sign transactions from five of the nine current validator nodes on the Ronin network, which is the threshold needed to approve signatures. Ultimately, the attacker gained access to Sky Mavis’ own four validators, along with one operated by Axie DAO.

“The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator,” the report reads.

“This traces back to November 2021 when Sky…

Source link

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed