$620M - Ronin just suffered from one of the biggest Crypto Hacks ever!

Ronin Network Hacked

• The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
• The Ronin bridge and Katana DEX have been halted.
• Ronin is working with law enforcement, forensic cryptographers, and their investors to make sure all funds are recovered or reimbursed.

On the 29th March 2022 Ronin Network discovered that their Sky Mavis' Ronin validator nodes as well as their Axie DAO validator nodes were compromised. This resulted in 173,600 Ethereum (currently worth an estimated $590 million) and 25,5M USDC being drained from the Ronin bridge within two transactions.

• Transaction 1 - view on Etherscan.io
• Transaction 2 - view on Etherscan.io

The attacker(s) used hacked private keys in order to forge fake withdrawals. The breach was discovered on the morning of the 29th March 2022 after a user reported that he was not able to withdraw 5,000 ETH from the bridge.

More Details about the Attack

The Sky Mavis' Ronin chain currently consists of  9 validator nodes. In order to recognize a deposit even or withdrawal event, five out of nine validator signatures are needed. The hacker(s) managed to gain control over the Sky Mavis' four Ronin validator nodes and a third party validator run by Axie DAO.

Although the validator key scheme is set up to be decentralized to limit an attack's vector, the attacker(s) found a backdoor through Ronin's gas-free RPC node, which they abused to get the signature for the Axie DAO validator.

Once the attacker(s) got access to the Sky Mavis systems thy were able to get the signature from the Axie DAO validator by using the gas-free RPC.

Which Actions were taken?

Ronin moved swiftly to address the incident once it became known and took steps against future attacks. The validator threshold got increased from five to eight.

Furthermore, Ronin is in contact with security teams at major exchanges and will be reaching out to all in the coming days.

Additionally, they are in the process of migrating their nodes, so they are completely separated from the old infrastructure.

The Ronin Bridge is temporarily paused to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin. The bridge will be opened up again at a later date once Ronin is certain no further exploits can happen.

The Katana DEX is also disabled temporarily to due to the inability to arbitrage and deposit more funds to Ronin Network.

Ronin is working together with Chainalysis to monitor stolen funds.

Learn more about the attack on Ronin's Substack.