Tuesday, May 17, 2022

Hack Steals $625 Million From NFT Game Axie Infinity’s Ronin Blockchain


Shreya Christina (https://cafe-madrid.com)

Approximately $625 million worth of cryptocurrency has been stolen from Ronin, the blockchain underlying the popular crypto game Axie Infinity. Ronin and Axie Infinity operator Sky Mavis revealed the breach on Tuesday and froze transactions on the Ronin Bridge, which allows deposits and withdrawals of funds from the company’s blockchain.

Sky Mavis says it is working with law enforcement to recover 173,600 Ethereum (currently worth about $600 million) and 25.5 million USDC (a cryptocurrency pegged to the US dollar) from the culprit, who withdrew it from the network on March 23. The attack targeted the bridge to the Ronin blockchain owned by Sky Mavis, an intermediary between Axie Infinity and other cryptocurrency blockchains such as Ethereum. Users can deposit Ethereum or USDC with Ronin and then buy non-fungible token items or in-game currency, or they can sell their in-game assets and withdraw the funds.

According to Sky Mavis, an attacker used hacked private security keys to compromise the network nodes that validate transfers to and from the Ronin blockchain. That let the attacker quietly withdraw large amounts of Ethereum and USDC. The transfer was discovered today, almost a week later, when another user attempted to withdraw 5,000 Ethereum over the bridge.

Sky Mavis says the “axie” NFT tokens players need to buy to access Axie Infinity have not been compromised, nor have the SLP and AXS in-game cryptocurrencies used in battling and breeding the Pokemon-like cartoon axolotls. (Disclosure: Adi bought three axies last month for a total of $105 to report on the game; axies currently sell for about $25 each.) But freezing withdrawals and deposits effectively shuts out many new players, and the hack leaves the fate of other user funds on the Ronin blockchain in question. Sky Mavis says it is “working with law enforcement, crypto forensics and our investors to ensure no user money is lost,” calling it its “top priority.”

Validator nodes are a feature of proof-of-stake blockchains like Ronin, which are less energy-intensive than proof-of-work systems like Bitcoin and Ethereum. The nodes review new transactions to confirm that their inputs and outputs match and that authorization signatures are valid, rejecting transactions that do not conform. Using a smaller number of nodes is faster and more efficient, but as the hack shows, it can pose security risks if a majority of nodes are compromised. It is a potential vulnerability for blockchains touted as both cheaper and more environmentally friendly than Ethereum.

According to Sky Mavis, the Ronin attack was possible in part because of a shortcut the company took to alleviate an “immense user load” on its network last November, months after the game exploded in popularity in the Philippines and other countries where players relied on it as a full-time job. The system was shut down in December, but the permissions that allowed it were never revoked. In addition to compromising four of Sky Mavis’ own nodes, the attacker exploited them to gain access to a node operated by community-owned Axie DAO. After compromising five of the nine validator nodes, the attacker was able to effectively lift any transaction security and withdraw any funds they wanted.

Sky Mavis says it will increase the number of nodes required for transactions to eight, and will reopen the Ronin Bridge “at a later date” once it is certain no more funds can be drained. For now, the Ronin breach looks like the biggest hack to date of “decentralized finance” networks, coming on the heels of a $322 million theft from the Wormhole bridging protocol last month.
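The five-of-nine arithmetic described above, and the effect of the planned threshold of eight, can be checked with a small quorum audit. This is an added example, not code from Sky Mavis or the original article; the validator names, the `op-a` to `op-d` operators and the treatment of Sky Mavis's four nodes as a single control domain are assumptions made for illustration.

```python
from itertools import combinations

def min_parties_for_quorum(signers, threshold):
    """Smallest set of parties whose compromise yields >= threshold signatures.

    signers maps validator -> set of parties able to sign as that validator:
    its operator plus anyone holding a delegated signing permission.
    Returns (parties, validators_controlled), or None if no set suffices.
    """
    parties = sorted(set().union(*signers.values()))
    for k in range(1, len(parties) + 1):
        for combo in combinations(parties, k):
            controlled = sorted(v for v, who in signers.items() if who & set(combo))
            if len(controlled) >= threshold:
                return combo, controlled
    return None

def build_validator_set(stale_delegation):
    """Constructed 9-validator set modelled on the article's description."""
    # Assumption: Sky Mavis's four nodes share one control domain.
    signers = {f"sky-mavis-{i}": {"sky-mavis"} for i in range(1, 5)}
    # Axie DAO's node; the leftover permission lets Sky Mavis sign for it too.
    signers["axie-dao-1"] = {"axie-dao"} | ({"sky-mavis"} if stale_delegation else set())
    for op in ("op-a", "op-b", "op-c", "op-d"):  # hypothetical independent operators
        signers[f"{op}-1"] = {op}
    return signers

if __name__ == "__main__":
    for stale in (True, False):
        for threshold in (5, 8):
            parties, controlled = min_parties_for_quorum(build_validator_set(stale), threshold)
            print(f"stale_delegation={stale} threshold={threshold}: "
                  f"{len(parties)} parties {parties} -> {len(controlled)} validators")
```

With the unrevoked permission in place, a single control domain reaches the five-signature quorum; revoking it or raising the threshold increases the number of independent parties that would have to be compromised.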

“As we have seen, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant and mitigating all threats,” the company said in its announcement. “We know trust has to be earned and we use all the resources at our disposal to deploy the most advanced security measures and processes to prevent future attacks.”
