A Ronin Network Hack Results In The Loss Of Over $600 Million
Cyberattack: A Ronin Network hack results in the loss of over $600 million
Ronin, an Ethereum-connected sidechain developed by Sky Mavis, the creator of Axie Infinity, confirmed a significant security breach in a blog post yesterday. Cybercriminals attacked Ronin's platform on March 23 and stole approximately 173,600 Ethereum, according to Ronin's manager. The robbers fled and have not been apprehended.
The project lost approximately $625 million (173,600 Ethereum tokens and 25.5 million USDC tokens), making this the largest decentralised finance cyberattack (hack) in history, possibly surpassing the $611 Poly Network heist in August 2021.
Background
With the help of NFTs, Axie is a blockchain-based video game that rewards players for their efforts. It is built on the Ethereum blockchain, as is the case with the vast majority of blockchain-based games. The game includes a sidechain called Ronin, which helps to reduce transaction fees by assisting in the processing of transactions. When it comes to using Ethereum, transaction fees are a frequent source of disagreement.
The Ronin blockchain was created by the game's developers in order to prevent the Ethereum blockchain's bugs from interfering with Axie's gameplay experience. According to the developers, the Ronin network is a custom-built sidechain for the Axie Infinity cryptocurrency.
It is an Axie Infinity player wallet that is built on the Ronin blockchain and is accessible through the Ronin website. It's a browser extension wallet, similar to MetaMask and a few other wallets in that it stores cryptocurrency.
The Ronin Bridge serves as a point of entry for users of the Axie Infinity who wish to send their ETH to the Ronin cryptocurrency network. After it has been transferred to Ronin via the bridge, the ETH is transformed into Wrapped ETH. Users can now use it to purchase Axies, which are required in order to participate in the game. Additionally, users can use the bridge to convert their tokens into Ethereum and then withdraw their funds from their accounts in Ethereum.
What caused the breach to occur
The Ronin Bridge was the target of the cyberattack, which exposed players of Axie Infinity and other projects that make use of it.
The funds of the Ronin Bridge are protected by a set of nine secret keys that are only known to the Ronin Bridge. If the network has access to at least five of the keys, it will be able to unlock and distribute the funds.
Hackers discovered a backdoor in the Ronin Bridge node and used it to gain access to four validators on Ronin, including one run by the Axie DAO, before being caught. The hacker used those five validators to gain access to the vault and withdraw a total of 173,600 Ethereum from the account. The attacker "used hacked private keys to forge bogus withdrawals" from the Ronin bridge contract in two transactions, according to the report.
At the time of writing, the hacker had stolen 173,600 ETH and 25.5 million USDC, for a total of more than $620 million. It has been estimated that approximately 6,250 ether (or $21 million) has been transferred out of the attacker's wallet address, with a significant portion of that amount going to the FTX Exchange.
When the Ronin Network released a public notice about the hack six days after it occurred, it revealed that the network had been aware of the hack the previous day when a user reported his inability to withdraw 5,000 ETH from the Ronin Network's Bridge.
Validator threshold has been raised from five to eight, according to the company, which has announced the change. To ensure that no additional attack vectors are left open, Ronin will pause the Ronin Bridge for a short period of time. Further to this, they are migrating their nodes, which will be decoupled from the existing infrastructure.
Since 2021, there has been a significant increase in the number of cryptocurrency cyberattacks and thefts. Over $600 million was lost by Poly Network, which is a DeFi company, in the third quarter of 2021. A cryptocurrency company in Asia, Coincheck, suffered a theft of more than $500 million in 2018, but the criminals did not pay the company any compensation for their losses.
Effect on the market
The stock prices of $AXS, $RON, and $SLP all plummeted in response to the news. Unsurprisingly, $RON was the target of the majority of the attacks. At the time of publication, it was down 20.49 percent. According to Coinmarketcap data, $AXS and $SLP have also experienced significant losses, falling 7.12 percent and 8.59 percent, respectively, in the last 24 hours.
According to reports, the incident has caused a significant setback for the cryptocurrency industry. Vulnerabilities in blockchain systems would jeopardize the trust and credibility that the revolutionary technology has built up. Even more shocking is the fact that it took Ronin a week to publish their "Community alert" on the internet. In addition, the company disabled the comment section of their announcement, which was previously available.
Although it is possible that a major crash will occur as a result of this hack, this is highly unlikely. Because of increasing corporate and institutional adoption, the cryptocurrency market is more mature than it has ever been.
