Gaming-Focused Blockchain Provider Loses Over $622 Million in Hack

A gaming-focused blockchain is reporting what might be the new record holder for largest cryptocurrency hack in history. 

The incident involves the Ronin Network(Opens in a new window), an “Ethereum-linked sidechain” from Vietnamese developer Sky Mavis, which has been using the technology for a Pokemon-style game called Axie Infinity. The blockchain is now reporting(Opens in a new window) it’s lost over $620 million in Ethereum and USD Coin due to an apparent hack. 

The breach actually took place nearly a week ago, on March 23, but was only discovered today. In a blog post(Opens in a new window), the Ronin Network said “validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.” 

These validator nodes operate as computers that verify transactions. The attacker hijacked access to four validator nodes at Sky Mavis, in addition to a third-party validator configured with extra privileges, granting the culprit the authority to steal the funds. 

“The attacker used hacked private keys in order to forge fake withdrawals,” Ronin Network’s blog post added. “We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.”

Many of the stolen funds are now in the hacker’s digital wallet, which shows(Opens in a new window) the mysterious user has been stealing the cryptocurrencies over the course of six days. In response to the breach, the Ronin Network has halted trading over the blockchain. 

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed,” the blockchain added. “All of the AXS, RON, and SLP on Ronin are safe right now.” 

Read Also:  Wash sale guidelines might apply to bitcoin and ethereum in spending invoice

Still, the breach is bad news for gamers who’ve invested time and money in Axie Infinity. The game uses a “pay-to-earn” model involving digital creatures called Axies, which can be bought up as NFTs costing around $300 or more. Axies can then be used to earn in-game tokens or even traded for Ethereum. As a result, the hack risks rendering the game’s entire economy worthless.

The previous record holder for biggest cryptocurrency heist involved the blockchain provider Poly Networks, which lost over $600 million last year. But in that case, the hacker responsible eventually returned the stolen funds voluntarily. (Meanwhile, the 2014 hack of Mt. Gox was estimated at $470 million at the time. But in today’s value, the stolen Bitcoin would have amounted to a staggering $35 billion.)

It’s unclear why Sky Mavis didn’t discover the hack sooner. But it’s a bad look for the company since the hacker made an initial withdrawal of 8,294 tokens (US$28 million) in Ethereum more than six days ago without the Ronin Network noticing. 

For now, the Ronin Network says: “We are in the process of discussing with Axie Infinity/Sky Mavis stakeholders about how to best move forward and ensure no users’ funds are lost. Sky Mavis is here for the long term and will continue to build.” The company is also increasing the validator threshold to verify transaction from five to eight.

The blog post added: “As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats.”

Source By