Pursuant to announcements on Axie Infinity’s Discord page and Ronin’s official Twitter account, the Ronin Bridge and Katana Dex were hacked for 173,600 ETH and 25,500,000 USDC.
In a statement by Ronin:
We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.
[Ronin Network. Community Alert: Ronin Validators Compromised. (Accessed March 29, 2022)].
As reported by Cointelegraph:
As told by Ronin developers, the attacker used hacked private keys in order to forge fake withdrawals, draining the funds from the Ronin bridge in just two transactions. More importantly, the hack occurred on March 23 but was only discovered on Tuesday after a user allegedly uncovered issues after failing to withdraw 5,000 in ETH from the Ronin bridge…Sky Mavis’ Ronin chain currently consists of nine validator nodes, of which at least five signatures are needed to recognize a deposit or withdrawal event. The attacker managed to gain control over five private keys, consisting of Sky Mavis’s four Ronin validators and a third-party validator run by Axie Decentralized Autonomous Organization, or DAO.
[Sun, Z. Axie Infinity’s Ronin bridge hacked for over $600M. (Accessed March 29, 2022)].
Once learning of the attack, Ronin took the following six steps:
- We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks. To prevent further short term damage, we have increased the validator threshold from five to eight.
- We are in touch with security teams at major exchanges and will be reaching out to all in the coming days.
- We are in the process of migrating our nodes, which is completely separated from our old infrastructure.
- We have temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin to err on the side of caution. The bridge will be opened up at a later date once we are certain no funds can be drained.
- We have temporarily disabled Katana DEX to due to the inability to arbitrage and deposit more funds to Ronin Network.
- We are working with Chainalysis to monitor the stolen funds.
[Ronin Network. Supra].
Ronin further reports: “ETH and USDC deposits on Ronin have been drained from the bridge contract. We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now. All of the AXS, RON, and SLP on Ronin are safe right now” [Id].
Presently it appears that most of the funds remain within the attacker’s wallet: (https://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96).
Posted Using LeoFinance Beta