Photo: Blogtrepreneur, Sept. 30, 2016, https://www.flickr.com/photos/143601516@N03/ CC, https://creativecommons.org/licenses/by/2.0/
The latest crypto hack, which could be the largest ever, saw gaming-focused Ronin Network lose more than $600 million worth of Ethereum and USD Coin after a hacker drained the bridge that connects Ronin to Ethereum’s mainnet.
A blockchain network, Ronin is an Ethereum sidechain built specifically for Axie Infinity, a popular crypto game that rewards its players with crypto tokens.
The blockchain network tied to the play-to-earn game was hacked earlier this month, resulting in the loss of 173,600 ETH – worth roughly $590 million, and $25.5 million worth of the stablecoin USDC, the network said in a blog post published on March 29.
This massive theft adds to the growing concern that the blockchain may not be as secure as it was initially believed — and is still hyped — to be.
The hack affected the network’s validator nodes for Sky Mavis, the publisher of the Axie Infinity game, and the Axie DAO. A DAO is a member-owned, decentralized autonomous organization or community that operates without centralized leadership.
Five out of nine validators on the Ronin network — which are responsible for authenticating transactions through creation of transaction blocks and updating of data oracles — were attacked and controlled during the incident that developers say happened on March 23.
“Once the attacker got access to Sky Mavis systems, they were able to get the signature from the Axie DAO validator by using the gas-free RPC,” the Substack post explained.
In a similar attack in August 2021, a hacker made off with $611 million in a robbery of cross-chain decentralized finance (DeFi) protocol Poly Network. A vast majority of the funds were returned.
Here are three things you should know about the hack of Axie Infinity’s ETH Sidechain, Ronin:
Ronin creator Sky Mavis, which also developed Axie Infinity, said it “discovered the security breach on March 29th, after a report that a user was unable to withdraw 5k ETH from the bridge.” This was already six days since the hack took place.
The attacker’s Ethereum address is a fresh address that transferred ETH from the Binance exchange a week earlier. Etherscan records showed that the attack took place on March 23, with the majority of the funds remaining in the attacker’s address, while some 6,250 ETH was transferred to various other addresses.
The hack will likely be considered one of the biggest in cryptocurrency history, at least according to data from Comparitech, a tech research comparison and rating platform. This could add to the growing concern that the blockchain may not be as secure as it was initially believed to be.
Ethereum is one of the biggest networks based on blockchain technology. It has its drawbacks, such as slow transactions that consume a lot of energy, and it taps a lot of computers worldwide to do the verification work.
Increasing hacking cases with huge amounts of user assets being stolen could give more credence to regulators, who have long wanted to police crypto trading and exchanges. Already, the U.S. Federal Bureau of Investigation has created a new taskforce dedicated to crypto crime.
Listen to GHOGH with Jamarlin Martin | Episode 74: Jamarlin Martin Jamarlin returns for a new season of the GHOGH podcast to discuss Bitcoin, bubbles, and Biden. He talks about the risk factors for Bitcoin as an investment asset including origin risk, speculative market structure, regulatory, and environment. Are broader financial markets in a massive speculative bubble?
Ronin’s team said it moved fast to address the incident once it became known and it is actively taking steps to guard against future attacks. To prevent further short-term damage, the company has increased the validator threshold from five to eight.
“We are working directly with various government agencies to ensure the criminals get brought to justice,” they said, adding that they had secured the rest of the system to prevent another attack on the network. They also said they are in the process of finding the best solution to ensure that “user’s funds are not lost.”
The network has also temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Crypto exchange Binance has also disabled its bridge to and from Ronin.
Photo: Blogtrepreneur, Sept. 30, 2016, https://www.flickr.com/photos/143601516@N03/
CC, https://creativecommons.org/licenses/by/2.0/
