- Ronin bridge reported a hacking attack leading to losses of 173,600 ETH and 25.5 million USDC, about $650 million in current price.
- Ronin said five validators’ accounts were hacked, resulting in the company increasing the number of validators from five to eight.
- Crypto exchange Binance has also stopped its Ronin bridge as a preventive measure.
Ronin, the Ethereum-based sidechain created by Sky Mavis made specifically for Axie Infinity was hacked. The firm disclosed a major security breach that led to the theft of about $625 million worth of cryptocurrency. The hack happened on March 23, but the cyber heist was discovered today after a user was unable to withdraw 5,000 Ether (ETH).
Axie Infinity co-founder Jeff Zirlin (Jihoz) discussed the hack on stage during a keynote address at the NFT LA conference.
According to the blog post, in two transactions about 173,600 ETH and 25.5 million USDC were drained from the Ronin Bridge on March 03. The hacker used hacked private keys to generate fake withdrawals. According to Ronin, four Sky Mavis validators and one Axie DAO validator were hacked.
The validator key scheme is set up to be decentralized so that it limits an attack vector such as this, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.
Following the breach, the Katana Dex and Ronin bridge have been halted. Crypto exchange Binance has also stopped its Ronin bridge as a preventive measure. The bridge will resume when its ascertained that funds cannot be drained again.
As preventative measures, Ronin will increase the number of validation of nodes from five to eight. It also said it is in indication with security teams at major exchanges. Migratunderway so that it is completely separated from the old infrastructure. Furthermore, Ronin is working closely with Chainalysis to monitor the stolen funds.