The aftermath of Axie Infinity’s $650M Ronin Bridge hack

In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. 

The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game.

The official report from the company noted that the hackers gained access to the private keys of validator nodes, resulting in the compromise of five validator nodes, which is also the threshold required to approve a transaction. The Ronin chain currently consists of nine validator nodes, and the hacker managed to get access to four of them along with a third-party validator run by decentralized autonomous organization (DAO) Axie DAO.

The root cause of the exploit can be traced back to last year, when Axie DAO gave Sky Mavis access to sign off on transactions on its behalf to mitigate user volume. However, this access was never revoked, which eventually gave the hackers backdoor access and resulted in the $600 million hack.
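The five-of-nine threshold and the unrevoked signing access described above can be checked with a signer-concentration audit. This is an added example, not code from Sky Mavis or the original article; the operator names other than Sky Mavis and Axie DAO, the validator ids, the grant dates and the 30-day staleness limit are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

THRESHOLD = 5  # signatures needed to approve a transaction (from the article)

@dataclass(frozen=True)
class Grant:
    """Signing access one validator's owner gave to another operator."""
    validator: str
    grantee: str
    granted: date
    revoked: Optional[date] = None  # None means the grant was never revoked

    def active(self, as_of: date) -> bool:
        return self.granted <= as_of and (self.revoked is None or as_of < self.revoked)

# Constructed validator set: 9 nodes; operator-a..d and ids v1..v9 are hypothetical.
VALIDATORS = {
    "v1": "sky-mavis", "v2": "sky-mavis", "v3": "sky-mavis", "v4": "sky-mavis",
    "v5": "axie-dao",
    "v6": "operator-a", "v7": "operator-b", "v8": "operator-c", "v9": "operator-d",
}
# Constructed date; the article only says access was given "last year".
GRANTS = [Grant("v5", "sky-mavis", granted=date(2021, 11, 1))]

def effective_control(validators, grants, as_of):
    """Map each operator to every validator key it can sign with on as_of."""
    control = {}
    for vid, op in validators.items():
        control.setdefault(op, set()).add(vid)
    for g in grants:
        if g.active(as_of):
            control.setdefault(g.grantee, set()).add(g.validator)
    return control

def quorum_risks(validators, grants, as_of, threshold=THRESHOLD):
    """Operators whose compromise alone would satisfy the signing threshold."""
    control = effective_control(validators, grants, as_of)
    return {op: sorted(v) for op, v in control.items() if len(v) >= threshold}

def stale_grants(grants, as_of, max_age_days=30):
    """Active grants older than max_age_days, i.e. candidates for revocation."""
    return [g for g in grants
            if g.active(as_of) and (as_of - g.granted).days > max_age_days]

if __name__ == "__main__":
    today = date(2022, 3, 23)  # constructed audit date
    print("single points of compromise:", quorum_risks(VALIDATORS, GRANTS, today))
    print("stale grants:", stale_grants(GRANTS, today))
```

Counting delegated access toward an operator's signing power is what exposes the risk here: on paper the operator runs four of nine nodes, but it can effectively sign for five.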

The exploit took place on March 23 but was discovered only nearly a week later, after the hackers behind the attack used the stolen funds to short Axie Infinity (AXS) and Ronin (RON). The hackers hoped to make more money on their exploit, thinking the news about the biggest crypto hack would eventually bring down the market. However, they got liquidated before the news broke.

The Ronin bridge was closed in the aftermath, with all deposits and withdrawals halted until the investigation is complete. It may take several weeks before the bridge opens for public use again. The developers behind the game have since sought help from various crypto exchanges and crypto analytics group Chainalysis to track the movement of funds and recover them.

Sky Mavis has ruled out technical vulnerabilities as the core cause behind the exploit and blamed it on social engineering. The developers also promised to reimburse and recover the stolen funds:

“This was a social engineering attack combined with human error from December 2021. Sky Mavis tech is solid and we will be adding several new validators to the Ronin Network shortly to further decentralize the network,” said Axie Infinity co-founder and chief operating officer Aleksander Leonard Larsen.

Laundering and reimbursement 

The exploit on the Ronin bridge was quite similar to what happened on the Wormhole bridge for Solana, where the exploiters managed to get away with $320 million worth of crypto funds from the cross-bridge platform. Later in February, Jump Crypto — a venture capital firm — bailed out exploited users and replenished 120,000 ETH.

Sky Mavis had made a similar promise in the aftermath of the exploit, claiming they would ensure that affected users are reimbursed even if the lost funds aren’t recovered. On April 6, the creators of the popular game raised $150 million led by crypto exchange Binance and other investors.

A Sky Mavis spokesperson told Cointelegraph:

“Out of the total amount stolen, around $400 million belongs to users. The new round, combined with Sky Mavis and Axie balance sheet funds, will ensure that all users are reimbursed. The 56,000 ETH compromised from the Axie DAO treasury will remain undercollateralized as Sky Mavis works with law enforcement to recover the funds. If the stolen funds are not fully recovered within two years, the Axie DAO will vote on the next steps for the treasury.”

Many in the crypto world hoped that, like the exploiter of the Poly Network, the hacker behind the Ronin Bridge exploit would eventually return the stolen funds, as it’s quite difficult to launder such a high amount of money. However, there hasn’t been any evidence of such communication between the game developers and the hackers, and the company declined to comment on the status of such communications.

Elliptic, a crypto data analytics company, has traced $540 million of the stolen funds and believes the hackers have already begun laundering the money. First, the stolen USDC was swapped for ETH on decentralized exchanges (DEXs) in order to avoid it being frozen.

Movement of stolen funds from the Ronin Bridge hacker wallet. Source: Elliptic

After swapping USDC for ETH, the hackers started to launder the ETH via three centralized exchanges. 

The wallet belonging to the hackers of the Ronin Bridge has also started sending funds to currency mixer services such as Tornado Cash. It’s worth noting that the Poly Network exploiter did the same at first but…

cointelegraph.com