Ronin Network, a gaming-focused platform, announced that it had experienced a loss of over $625 million in USDC and ETH. The hack is the largest to date in the DeFi space. Ronin’s blog post states that the exploit affected the network’s validator nodes for Sky Mavis, the popular publisher of the Axie Infinity game, and for Axie DAO.
Ronin Network Under Attack
An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan.
On Tuesday, according to the Ronin network’s official Substack, the system came to a standstill. The network, which allows players to exchange assets in the Axie Infinity realm and money between the Ethereum and Ronin blockchains, was shut down. Players who hold digital funds on the Ronin network cannot conduct transactions at the moment.
The Ronin sidechain has nine validators and requires five signatures for withdrawals, a threshold designed to guard against such hacks. According to the blog post, “the attacker discovered a backdoor using our gas-free RPC node, which they exploited to obtain the signature for the Axie DAO validator.”
The post stated that the attack resulted in the loss of over 173,600 Ether and over 25.5 million USDC. ETH was transferred one week ago from the Binance exchange to the ETH address used by the Ronin attacker. According to Etherscan records, the attack occurred last Wednesday.
The attacker’s address still holds most of the funds, although 6,250 ETH has been moved to other addresses. The Ronin Bridge and the Katana automated market maker (AMM) have been halted while investigations continue. “We work directly with various government agencies to ensure the criminals get brought to justice,” the blog notes.
According to CoinGecko, RON, the native token of the Ronin network, has fallen by 27% since the announcement. It is currently trading at $1.78.
Hackers Target DeFi
The attack on the Ronin platform is the latest in a series of high-profile crypto thefts. It highlights the complexity of the problem facing the digital currency industry. The scale of the threat remains a challenge for digital currency owners and law enforcement, and the FBI created a new crypto crime unit last month for this exact reason.
An exploit of the cross-chain decentralized finance protocol Poly Network in August 2021 led to the theft of $611 million. However, almost all of the funds were returned.
The largest blockchains, such as those that underpin bitcoin, have stayed safe. However, digital firms are developing services on top of or alongside them that may not always have the same level of security or decentralization.
It is unclear who was responsible for the attack or whether they will be able to unload any of the stolen money, since Ethereum can be easily traced as it is transferred between digital wallets. In several recent thefts, hackers promised to return the stolen assets in exchange for a portion of their worth.
DeFi Still Needs More Development
The recent theft “is a sobering reminder of exactly how vulnerable Web3 marketplaces are to cyber assaults,” according to John Reed Stark, a former chief of the Securities and Exchange Commission’s Office of Internet Enforcement. Web3 refers to a decentralized internet fueled by blockchain technology, which underlies a variety of cryptocurrencies.
“The entire Web3 marketplace is so fraught with chaos and lawlessness, we may never learn the truth about what happened,” said Stark. “And unlike U.S. financial firms who must report cyber-attacks fairly, accurately, promptly, etc., NFT and other Web3 marketplaces do not have to report anything at all.”