The gaming focused cryptocurrency platform Ronin Network, announced Tuesday that there was a security breach in their network with the perpetrators making off with over a total value of $625 million in USD and Ethereum (ETH).
The Ronin Network’s official Substack published a blog post detailing the specifics of how the breach occurred and how the exploit targeted their validator nodes for Sky Mavis, the publishers behind the popular play-to-earn game Axie Infinity.
In the official substack, the company stated that the Ronin bridge was supposedly compromised when an attacker “used hacked private keys in order to forge fake withdrawals.” The breach can be tracked on Etherscan as two separate transactions were performed upon discovery of the breach.
The substack further explained that the Ronin sidechain is designed with nine distinct validators. In order for a transaction such as a withdrawal or deposit to be recognized, five validator signatures need to be authorized. This system was put into place by Ronin to mitigate such attacks and breaches as this one. However, the attacker found a way to bypass this by abusing a backdoor through Ronin’s gas-free RPC node which allowed access Axie DAO validator.
The gas free node in question was set up in November last year as a way to help Sky Mavis deal with a rising number of users by distributing free transactions easier and more efficiently.
This process was shortly ceased but never fully covered its bases:
“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked. ”
The breach resulted in losses that are valued at 173,600 ether and 25 million USDC currently worth over $625 million.
As a result, both the Ronin Bridge and Katana AMM have been put on hold while investigations into these platforms continue.
Meanwhile, at the time of this writing, Ronin Network’s native token, RON has fallen 20% after the news. The price drop came as no surprise as the security of the Network is once again being questioned.
Currently, Ronin’s digital forensics investigation into the matter has disclosed that the attack was a social engineering attack by nature coupled with aforementioned vulnerability through human error in December. They are still working with Sky Mavis and cybersecurity personnel to uncover more about the case and find out what can be done
1/4 @Ronin_Network update
Been an intense 36 hours
Been working with the Sky Mavis board and key cybersecurity personnel to get a complete overview of the situation
Our internal network is currently going through a deep forensics review to ensure there is no lingering threat
— Psycheout – Aleksander | Axie Infinity (@Psycheout86) March 30, 2022
The catastrophic Ronin breach came on top of a very unfortunate day for Sky Mavis and Axie Infinity as at the same day, they’ve had to ban 7 of its top players from the game due to match fixing and win trading. Sky Mavis is also expected to launch its big Axie Origin update which changes a huge chunk of the game this week. There has been no word on whether the launch will be delayed due to the current circumstances