A security breach in the Ronin Network, the chain of ‘blockchain’ that uses the game of NFT Axie Infinity, has been the target of an attack that has resulted in the theft of more than 560 million euros in cryptocurrencies.
Specific, Ronin Bridgethe bridge connecting Axie Infinity’s sidechain Ronin Network to Ethereum has been mined for 173,600 Ethereum (over €530 million at current exchange rates) and 25.5 million USD Coin, which translates to about 560 million euros in total.
As reported by Ronin in a statement, this Tuesday he discovered that on March 23 the validation nodes of Sky Mavis, the developer of the non-fungible tokens (NFTs) video game Axie Infinity, and Axie DAO validation nodes they were compromised.
The company discovered this security breach after receiving a notice from a user, who was unable to withdraw 5k of Ethereum from the aforementioned bridge.
Apparently, the attacker, who made two transactions in total, used private keys, which had previously had accessto access the system and justify cryptocurrency withdrawals.
The Sky Mavis Ronin blockchain is made up of nine validation nodes. To proceed with the deposit or withdrawal of cryptocurrencies five of the nine signatures of these validators are required.
Because the attacker managed to control the video game developer’s four Ronin validators and a third-party validator managed by Axie DAO, he managed to gain access to the system.
Despite the fact that this is configured to be decentralized and, in the event of an attack, to isolate it from the rest, the hacker gained access through a back door from one of its nodes and got the signature of the Axie DAO validator.
These validator nodes are used to prevent fraudulent transactions. However, due to high demand for the game, Axie DAO gave special privileges to Sky Mavis to sign transactions on their behalf in November 2021.
Although this permission ended a month later, in December, the list of access permissions was not revoked. For that reason, once the attacker gained access to the Sky Mavis systemsit was able to obtain the signature of the corresponding validator.
Following an internal investigation, Ronin has confirmed that the signature of the digital asset withdrawals matches that of the five suspected validators.
In order to prevent further attacks in the short term and to protect its validation system, Ronin has increased the threshold of validators from five to eight and has started a process of migrating its nodes, completely separated from its old infrastructure.
“We have temporarily stopped the Ronin bridge to ensure that no more attack vectors are left open”, he stated in this statement, and warned that he has temporarily deactivated the bridges of Binance and Katana DEX.
In addition, he has announced that he is working with various government agencies, as well as Chainalysis, an organization that supports cryptocurrency companies and other financial institutions, to monitor the stolen funds.
Likewise, he has recalled that all the Ethereum tokens promoted by Axie Infinity (AXS, RON y Smooth Love Potion o SLP) of Ronin are guarded and safe from suffering an attack of these characteristics.
At this time, users cannot withdraw or deposit funds on the Ronin Network. However, Sky Mavis has undertaken to recover and repay all stolen funds.