As per Axie’s Official Discord and Ronin Network’s official Twitter page, as well as its Substack page as of today, the Ronin bridge, as well as the Katana Dex, have been halted following an attack that impacted the amount of 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC) which is totaling $612 million at prices on Tuesday’s. In a statement to the public, its developers stated that the company is “currently working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP [tokens] on Ronin are safe right now.”
There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
According to Ronin creators, Ronin hacker employed hacked private keys in an attempt to create false withdrawals, removing money from Ronin bridge in only two transactions. The most important thing is that the attack was discovered on March 23, however it was only discovered on Tuesday when the user had allegedly found out about problems when he failed to transfer 5,000 ETH through Ronin bridge. Ronin bridge. As of the time of writing, RON, Ronin’s primary governance token, has dropped almost 20 percent to $1.88 within the last hour.
Sky Mavis’ Ronin chain currently has nine validator nodes, out of which, at minimum, five signatures are required in order to verify an e
vent. The attacker gained control of five private keys made up of four Sky Mavis Ronin validators as well as an independent validator that is run through the Axie Decentralized Autonomous Organization, or DAO. Accessing the latter was particularly lengthy.
In November of last year, Sky Mavis, the developer of the Axie Infinity and Ronin ecosystems, sought assistance with the Axie DAO, to distribute free transactions in response to an increase in the number of users. Sky Mavis was able to get the Axie DAO whitelisted Sky Mavis to sign transactions on behalf of it and the process was ended in December. However, Whitelist access was not removed.
After the attacker gained the access rights the Sky Mavis systems, they obtained the final signature of the Axie DAO validator, thus achieving the threshold for nodes required to allow the illegal siphoning of money from Ronin. At the time of writing the majority of the stolen funds are still in the wallet of the attacker.
