Today is a sad day for the Web3 community: Sky Mavis's sidechain, Ronin, fell victim to a hack that resulted in over $621,274,336 USD (173,600 ETH and 25.5M USDC) being stolen through the Ronin Bridge in two transactions (1 and 2).
This might be the biggest hack in Web3 history. Sky Mavis said in its announcement that the company is working with law enforcement, forensic cryptographers and investors to recover or reimburse the funds. All AXS, RON and SLP on the Ronin network are currently safe.
It's a shame that this happened, as Sky Mavis is the company that managed to make blockchain gaming go mainstream with its title, Axie Infinity.
The Details of The Ronin Breach.
The hack took place on March 23rd, but it was only discovered earlier today. Sky Mavis's Ronin validator nodes and the Axie DAO validator node were compromised, and the attacker used the hacked private keys to forge fake withdrawals. The breach was noticed after a Ronin user was unable to withdraw 5,000 ETH from the Ethereum <> Ronin Bridge.
How Did the Ronin Sidechain Hack Take Place?
The Ronin chain consists of nine validator nodes. For a transaction to go through, five out of nine nodes must approve it.
The hacker managed to get access to four Ronin validators and a third-party node owned by Axie DAO.
The attacker abused a backdoor on the gas-free RPC node to get the signature for the Axie DAO validator, which granted the access needed to drain the money.
The hack made use of a system that was discontinued in 2021, but whose whitelisting access was never revoked.
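The concentration problem described above can be checked mechanically. The following Python sketch is an added example, not code from Sky Mavis or Ronin: it counts how many validator signatures each operator can produce, including signatures reachable through a leftover whitelist entry, and flags any operator that reaches the threshold alone. The `delegates` field, the validator names, the four `other-*` operators, and the assumption that the whitelist entry let the Sky Mavis side obtain the Axie DAO signature are all illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class Validator:
    name: str
    operator: str                                 # party holding the signing key
    delegates: set = field(default_factory=set)   # parties whitelisted to obtain this signature

def effective_control(validators):
    """Map each party to the validators whose signature it can produce."""
    control = {}
    for v in validators:
        for party in {v.operator} | v.delegates:
            control.setdefault(party, set()).add(v.name)
    return control

def quorum_risks(validators, threshold):
    """Parties whose compromise alone yields at least `threshold` signatures."""
    return {party: sorted(names)
            for party, names in effective_control(validators).items()
            if len(names) >= threshold}

def build_set(stale_whitelist):
    """Constructed nine-node set: four Sky Mavis nodes, one Axie DAO node,
    and four placeholder operators (hypothetical names)."""
    vs = [Validator(f"skymavis-{i}", "Sky Mavis") for i in range(1, 5)]
    axie_delegates = {"Sky Mavis"} if stale_whitelist else set()
    vs.append(Validator("axie-dao", "Axie DAO", axie_delegates))
    vs += [Validator(f"other-{i}", f"operator-{i}") for i in range(1, 5)]
    return vs

if __name__ == "__main__":
    for label, stale, threshold in [
        ("5-of-9, whitelist entry left in place", True, 5),
        ("5-of-9, whitelist entry revoked", False, 5),
        ("8-of-9, whitelist entry left in place", True, 8),
    ]:
        risks = quorum_risks(build_set(stale), threshold)
        print(f"{label}: {risks or 'no single party reaches the threshold'}")
```

Running the same audit whenever the validator set or any signing delegation changes shows whether a single compromised party could approve withdrawals on its own.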
What Actions Has Sky Mavis Taken?
- The validator threshold was increased to eight from five.
- Sky Mavis is in contact with major exchanges to block and trace any possible transactions.
- Nodes are migrating to a new infrastructure.
- Ronin Bridge and Binance Ronin deposits are disabled.
- KatanaDEX is disabled.
- Chainalysis is working to monitor the stolen funds.