Late Tuesday, the Ronin Network announced that hackers had stolen roughly $625 million in cryptocurrency from its blockchain and the play-to-earn Axie Infinity video game network that operates on top of it, according to a statement by the organization. The hackers stole approximately 173,600 of the very popular ether and 25.5 million of USDC, a cryptocurrency pegged to the U.S. dollar.
The incident is now believed to be the biggest theft of cryptocurrency ever. The theft occurred on March 23, but was only discovered and reported last Tuesday.
"The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge," said the Ronin Network in their statement.
The organization also explained how the attack might have occurred.
"Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO," the statement added.
"The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator."
For now, the hacker’s crypto wallet is reported to indicate that most of the stolen funds haven’t yet been moved. It is speculated that the criminal is waiting for a safe way to move the money without being caught.
Guarding against future attacks
The Ronin Network said they were actively taking steps to guard against future attacks and had increased their validator threshold from five to eight in order to prevent further short-term damage. They also stated they were working with security teams at major exchanges as well as various government agencies to catch the criminals responsible for this theft and were in the process of migrating their nodes, which are completely separated from the network's old infrastructure.
In January of 2022, data from blockchain analytics firm Chainalysis revealed that scammers stole a whopping $14 billion in cryptocurrency in 2021 partially because of the growth of the decentralized finance (DeFi) platform. In that same month, hackers stole approximately $80 million in cryptocurrency by exploiting a bug on the Qubit Finance platform that lets users convert one form of digital currency into another. The theft took a mere 20 minutes to complete.
This begs the question: are these transactions safe or should more thought and development be put into them before we invest?