How Did The Ronin Bridge Hack Take Place?


Sky Mavis re-opens the Ronin Bridge after it fell victim to a ~$540m hack in March. According to the latest community update, all the user funds will be returned.

The Ronin Bridge lets users transfer assets from the Ronin Chain to Ethereum Mainnet. Three months after the hack, Sky Mavis announced on June 28 that the Ronin Bridge is back online with a new and improved design and that it will return the users’ stolen assets.

The Ronin Bridge Hack

The Ronin Bridge hack is one of the biggest hacks in the crypto world. According to the US government, a North Korea-based hacker group called Lazarus was responsible for this hack. The officials didn’t disclose much inside information but let two insiders speak, whose identities will remain anonymous.

A senior engineer at Axie Infinity saw a fake ad for a job posting and applied for it; the job didn’t exist.

Another source added that staff members at Axie Infinity were approached by a fake company to apply for jobs. The “company” conducted multiple interviews and eventually hired some of them; the selected member was offered a job with an extremely generous compensation package.

When the fake company sent the job offer as a PDF document, the engineer downloaded it. The PDF contained spyware that infiltrated Ronin’s system. As soon as he opened the PDF, the spyware “took out Four out of Nine Ronin validators – leaving them with just one validator short of total control”, as The Block reported.

To complete the heist, the hackers used the Axie DAO, whose permission to sign transactions was still valid.

The Ronin Bridge operators’ post-mortem stated the following:

“The attacker managed to get control over five of the nine validator private keys — 4 Sky Mavis validators and 1 Axie DAO — in order to forge fake withdrawals. This resulted in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions”
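The key concentration described in the post-mortem can be audited in any threshold-signed bridge. The following is an added example, not code from Sky Mavis or the original article: it computes the smallest number of operators whose compromise reaches the signing threshold. The 5-of-9 threshold and the split of 4 Sky Mavis validators plus 1 Axie DAO validator come from the text above; the validator ids, the other operator names, and the modelling of the still-valid signing permission as a delegation to Sky Mavis are assumptions.

```python
from itertools import combinations

def signable_by(validators, delegations):
    """Map each operator to the validators it can produce signatures for."""
    reach = {}
    for vid, owner in validators.items():
        reach.setdefault(owner, set()).add(vid)
    for vid, delegate in delegations:  # signing rights granted to another operator
        reach.setdefault(delegate, set()).add(vid)
    return reach

def min_parties_to_quorum(validators, threshold, delegations=()):
    """Return (count, operators) for the smallest operator set that can
    reach `threshold` signatures, or None if no set can."""
    reach = signable_by(validators, delegations)
    operators = sorted(reach)
    for size in range(1, len(operators) + 1):
        for combo in combinations(operators, size):
            signed = set().union(*(reach[op] for op in combo))
            if len(signed) >= threshold:
                return size, combo
    return None

# Constructed model: 9 validators, 5 signatures needed (figures from the article).
# Ids v1..v9 and operators "partner-a".."partner-d" are placeholders; the
# article does not name the remaining validators.
VALIDATORS = {
    "v1": "sky-mavis", "v2": "sky-mavis", "v3": "sky-mavis", "v4": "sky-mavis",
    "v5": "axie-dao",
    "v6": "partner-a", "v7": "partner-b", "v8": "partner-c", "v9": "partner-d",
}
THRESHOLD = 5
# Assumption: the still-valid permission is modelled as Sky Mavis being able
# to sign for the Axie DAO validator.
STALE_DELEGATIONS = [("v5", "sky-mavis")]

if __name__ == "__main__":
    for label, delegs in (("permission still valid", STALE_DELEGATIONS),
                          ("permission revoked", [])):
        size, ops = min_parties_to_quorum(VALIDATORS, THRESHOLD, delegs)
        print(f"{label}: {size} operator(s) reach quorum -> {', '.join(ops)}")
```

A result of 1 means a single organisation is a single point of failure for the whole validator set, regardless of how many validators are listed.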

One month after the hack, Sky Mavis increased the validator nodes from 9 to 11. They later indicated in a blog post that they plan to increase the number to 100. They didn’t comment on how the hack took place, for obvious reasons.

Axie Infinity saw rising numbers last November: 2.7 million active users and $214 million in weekly trading volume (for the in-game NFTs only). Since then, the game’s numbers have been plummeting.