Hacker Drained $622M From The Ronin Ethereum Sidechain: Report

A hacker drained $622M from the Ronin Ethereum sidechain via the use of hacker private keys according to the data from Sky Mavis. This could also be the biggest exploit in recent history so lets read more in todays latest cryptocurrency news.

Ronin is an Ethereum sidechain for the NFT game Axie Infinity and recently a hacker drained $622M from it. The stolen funds were drained from the bridge that connects Ronin to the Ethereum mainnet and since it is an ETH Sidechain developed for the game, it was targeted in a hack that saw the $625 million worth of crypto drained from its bridge.

There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP

— Ronin (@Ronin_Network) March 29, 2022

Sky Mavis announced the news and wrote that the exploit took place on March 23 but it was discovered only earlier today. The attacker used hacked private keys to execute the exploit according to their reports and was able to forge transactions to claim the funds. The attacker managed to get 173,600 WETH or wrapped Ethereum and 25.5 million USDC stablecoin which added up to the $622 million worth of funds as of the time of writing. Most of the stolen funds are all sitting in the hackers wallet.

According to the report, the attacker signed transactions from five or nine current validator nodes on the Ronin network which is the threshold needed to approve signatures but the attacker gained access to Sky Mavis own validators along with one that was opened by Axie DAO. The report read:

The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.

The report continued:

This traces back to November 2021 when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allow listed Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allow list access was not revoked.

Sky Mavis said that it contacted law enforcement as well as forensic cryptographers at Chainalaysis as well as its own investors to make sure the funds are recovered. During an interview recently, the co-founder of Axie Infinity Jeff Zirlin described this as the biggest hack in history while some of the drained funds have already been sent from the attackers wallets to exchanges. As a result of the security breach, Sky Mavis halted the bridge that connects Ronin to the ETH mainnet which made it possible to send funds and assets back and forth as well as the Katana decentralized exchange which runs on the Ronin sidechain. The Ronin bridge hack seems to be similar to the one of Wormhole whcih is a cross-chain for Ethereum/Solana bridge whcih was attacked for $320 million worth of WETH.