In a recent turn of events, hackers have attacked the cryptocurrency universe once again and stole SGD$814 million ($600 million) from a blockchain network that was interlinked to the popular Axie Infinity online game.
Around $600 million has been stolen from the blockchain-based gaming network, Axie Infinity, the biggest crypto hack to date. Players of the game reacted with shock and disbelief and users in the Philippines and Vietnam took their complaints to Twitter about cryptocurrencies frozen in their wallets.
The digital network lost 173,600 Ethereum and 25.5 million USDC
The Ronin Network, which powers the Axie Infinity Game confirmed this hack on Twitter. According to the network’s post, Ronin lost 173,600 Ethereum and 25.5 million USDC. The coins were drained from the Ronin bridge in two transactions 1 and 2. The attacker utilised hacked private keys to forge fake withdrawals.
This breach occurred on March 23 but was discovered only on March 29, according to Ronin. The Ronin Network tweeted “We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed”.
This latest attack depicts that cryptocurrency bridges often face problems. The computer code of many of these bridges is not often audited, allowing hackers to exploit vulnerabilities. It is often unclear who runs these keys and exactly how. Identities of validators, who are supposed to order transactions on bridges, are often shrouded in mystery.
To approve any withdrawal or deposit, Ronin requires five of its nine validators to sign off on transactions to ensure funds are not moved by anyone with malicious intent. The attacker was able to control four Ronin validators and one validator linked to the Axie decentralized autonomous organisation (DAO) associated with Axie Infinity.
Wilfred Daye, head of Securitize Capital said, "The fact that nobody notices for six days screams aloud that some structures should be in place to watch illicit transfers".
Even after this, there are thousands of bridges out there, and they move hundreds of millions of dollars worth of crypto.
The price of Ron, a token used on the Ronin blockchain, dropped about 22 % after the hack was disclosed. AXS, a token used in Axie Infinity, fell as much as 11% according to CoinMarketCap.
Ronin is trying to get the funds back
In a recent blog, Ronin mentioned that it is in touch with major cryptocurrency exchanges and the biggest blockchain tracer Chainalysis to monitor the movement of the stolen funds. The company is working with law enforcers.
Sam Bankman-Fried who runs the FTX cryptocurrency exchange said it would assist the blockchain forensics. Binance Holdings and OKX issued similar statements, with Binance also saying it is "working with certain law enforcement agents on potential leads".
This Ronin hack follows the February attack on the Wormhole bridge, which resulted in more than $300 million in losses, which one of Wormhole’s sponsors, Jump Crypto, reimbursed. Other crypto bridges have suffered from so-called rug pulls, when their founders disappeared and had issues when their key developers went rogue.
Yat Siu, co-founder of Animoca Brands said in an interview before the hack, "If a bridge has the ability to mint tokens, it's like taking control of the minting machines".
"Bridges are authorities at this point, and if they are designed badly or have vulnerabilities, they become a huge risk to the ecosystem."
Jump Crypto bailed out Wormhole to prevent the entire Solana ecosystem from being directly hit. However, Sky Mavis and Ronin haven’t announced any similar plans yet.