According to a statement released Tuesday, the company discovered that its “Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC” on March 23. Ronin Network said that users were still unable to withdraw or deposit funds to the network as of Tuesday, March 29.
Details Regarding the Ronin Hack
The Ronin Network is the Ethereum-linked blockchain developed by the publishers of the Axie Infinity video game. On Tuesday morning, a user reported issues withdrawing 5,000 Ethereum tokens (an estimated value of roughly $17 million) from the Ronin Network. After reviewing the complaint, the system breach was discovered and it was determined that on March 23, hackers compromised the platform through the Ronin bridge, where they used stolen private keys to make fake withdrawals. During the hack, the cybercriminals gained control over four of the network’s validators, as well a third-party validator. At the time of the attack, only five out of the system’s nine validator signatures were needed for a withdrawal. Once they accessed the systems, they used these controls to obtain the five signatures needed. Ronin Network linked the malicious withdraws to the compromised validators. The vulnerability is connected to when the system used the third-party validator, Axie DAO, in November of 2021. Axie DAO gave another validator the ability to sign some transactions on its behalf. The network stopped using Axie DAO in December 2021, but the access was not removed.
What Actions Were Taken
The company stated that they addressed the incident immediately after discovering the breach and reported that the network is secure at the moment. The Ronin Network also confirmed that they were taking steps to ensure their systems are safe against future attacks and to prevent further damage to the network. These steps include increasing the threshold of validators to eight and temporarily pausing the Ronin Bridge. Ronin Network also said it is in the “process of migrating our nodes,” which are separated from old infrastructure. The company said it is cooperating with local law enforcement regarding the breach, as well as working with forensic cryptographers and their investors to ensure funds are recovered or reimbursed.
Other Cryptocurrency Thefts
This is not the first cyberheist and it certainly won’t be the last based on the popularity of Bitcoin, Ethereum, and other cryptocurrencies. Some past cryptocurrency thefts include:
The Poly Network hack where over $600 million in Cryptocurrency was stolen. The BitMart Exchange breach where hackers stole over $150 million in digital tokens. Hackers stole over $34 million in digital tokens from C.R.E.A.M. Finance. $90 million was stolen during the Liquid hack.