Axie Infinity's Ronin Sidechain has been exploited, with a yet unidentified threat actor stealing away an estimated $625 million in USDC and ETH.
According to a community alert posted by the Ronin Network, the Ronin bridge was exploited for 173,600 Ethereum and 25.5M USDC, or roughly $625 million based on current prices. The Ronin Validators have been compromised by a threat actor whose wallet now holds the amounts indicated.
There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP— Ronin (@Ronin_Network) March 29, 2022
In response, the Ronin Network has decided to halt all operations for the Ronin bridge and Katana DEX.
"We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now," the network's team stated.
The security breach was apparently discovered in the morning after March 23rd, with Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes compromised, resulting to the hack and draining the Ronin bridge in just two separate transactions. Ronin Network claims that based on their initial assessments, the threat actor used hacked private keys in order to forge fake withdrawals. The hack was apparently discovered because of a user who was unable to withdraw 5,000 ETH from the Ronin bridge.
The Ronin chain includes nine validator nodes that oversee and control transactions, with signatures from at least five of these nodes required to approve all deposits and withdrawals. The exploit was able to overturn four of these validator nodes, alongside a third-party validator managed by Axie DAO.
With the raw amounts aforementioned, this latest in a series of exploits in the DeFi sector is currently the biggest sum in a single hack, going over the record $611 million exploit to Poly Network, a cross-chain protocol which was attacked in August 2021. Funds from the Poly Network hack were returned later on.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.