Ronin Network exploited out of $625M, largest breach in DeFi history
It was a "social engineering attack combined with human error"
The gaming-focused cryptocurrency platform Ronin Network announced Tuesday that there had been a security breach of its network, with the perpetrators making off with a total of over $625 million in USD and Ethereum (ETH).
The Ronin Network's official Substack published a blog post detailing how the breach occurred and how the exploit targeted the validator nodes of Sky Mavis, the publisher behind the popular play-to-earn game Axie Infinity. In the post, the company stated that the Ronin bridge was compromised when an attacker "used hacked private keys in order to forge fake withdrawals." The breach can be tracked on Etherscan, as two separate transactions were performed upon discovery of the breach.

The post further explained that the Ronin sidechain is designed with nine distinct validators. For a transaction such as a withdrawal or deposit to be recognized, five validator signatures are required. Ronin put this system in place to mitigate exactly the kind of attack seen here. However, the attacker bypassed it by abusing a backdoor in Ronin's gas-free RPC node, which gave access to the Axie DAO validator. The gas-free node in question was set up in November of last year to help Sky Mavis cope with a rising number of users by distributing free transactions more easily and efficiently. The arrangement was discontinued shortly afterward, but the cleanup was never completed: "The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked."
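The design weakness here is that a 5-of-9 signature threshold only protects the bridge if reaching five signatures requires several independent parties, and a stale allowlist quietly collapses that requirement. The following added example (not code from the article or from Sky Mavis) models validator control as data and computes how many independent operators a forged withdrawal would need before and after the delegation is revoked. The split of validators between operators and the operator names are constructed assumptions; the article states only the 5-of-9 rule and the Axie DAO allowlist.

```python
from itertools import combinations

# Rule stated in the article: 5 of 9 validator signatures approve a transaction.
THRESHOLD = 5

# Constructed model (assumption, not a figure from the article): which operator
# holds each validator's private key. Four Sky Mavis validators, one Axie DAO
# validator, four placeholder operators for the rest.
VALIDATORS = {
    "v1": "sky_mavis", "v2": "sky_mavis", "v3": "sky_mavis", "v4": "sky_mavis",
    "v5": "axie_dao",
    "v6": "op_a", "v7": "op_b", "v8": "op_c", "v9": "op_d",
}

# Allowlist delegations: validator -> operators allowed to sign on its behalf.
# This models the Axie DAO -> Sky Mavis allowlist that was never revoked.
STALE_ALLOWLIST = {"v5": {"sky_mavis"}}


def signing_reach(validators, allowlist):
    """Map each operator to every validator it can produce a signature for:
    keys it holds directly plus delegations granted to it via the allowlist."""
    reach = {}
    for vid, owner in validators.items():
        reach.setdefault(owner, set()).add(vid)
        for delegate in allowlist.get(vid, ()):
            reach.setdefault(delegate, set()).add(vid)
    return reach


def min_operators_to_reach_threshold(validators, allowlist, threshold=THRESHOLD):
    """Smallest number of distinct operators whose combined reach meets the
    threshold, i.e. how many independent parties must be compromised. A value
    of 1 means a single key holder can authorize withdrawals alone."""
    reach = signing_reach(validators, allowlist)
    ops = sorted(reach)
    for k in range(1, len(ops) + 1):
        for combo in combinations(ops, k):
            covered = set().union(*(reach[o] for o in combo))
            if len(covered) >= threshold:
                return k
    return None  # threshold unreachable with the given operators


if __name__ == "__main__":
    revoked = {}  # the allowlist after removing the Axie DAO -> Sky Mavis entry
    print("operators needed with stale allowlist:",
          min_operators_to_reach_threshold(VALIDATORS, STALE_ALLOWLIST))
    print("operators needed after revocation:   ",
          min_operators_to_reach_threshold(VALIDATORS, revoked))
```

Running a check like this whenever a delegation is added or an operator gains a validator turns "did we revoke the allowlist?" into a number that can be alerted on.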
The losses amount to 173,600 ether and 25 million USDC, currently worth over $625 million. As a result, both the Ronin Bridge and the Katana AMM have been put on hold while investigations into these platforms continue. Meanwhile, at the time of this writing, Ronin Network's native token, RON, had fallen 20% on the news. The price drop came as no surprise, as the security of the network is once again being called into question.
Currently, Ronin's digital forensics investigation into the matter has found that the attack was social engineering in nature, combined with the aforementioned human error in December that left the allowlist access in place. They are still working with Sky Mavis and cybersecurity personnel to uncover more about the case and find out what can be done