The Ronin network suffered a node attack on Tuesday, losing a reported $621M. The news arrived just as Ronin was becoming more and more important for the Axie Infinity game, with more than 1M daily transactions.
What is known so far about the hack is that a compromised bridge between RON and ETH made it possible to take away a haul of coins. The actual exploit happened a few days earlier, on March 23, based on transaction records as announced by Sky Mavis.
But the fact that funds were taken from the bridge was only discovered on March 29. Bridges remain one of the riskiest tools: in this case the hacker managed to call a transaction and receive funds based on faked reserves. Compromised node operators verified the transaction as if it were real. The Ronin exploit recalls the recent Wormhole hack between Solana and Ethereum.
In addition to the ETH stolen, the bridge contract also lost $25.5M in USDC tokens.
Sky Mavis System Compromised
Apparently, the hacker used a temporary tool that Sky Mavis had used in previous mass transactions to distribute rewards. Sky Mavis apparently still had the access that allowed it to sign transactions with no gas fees. According to the company’s reports, the hacker used this tool to sign valid-looking withdrawals from the bridge.
The private keys used were recognized as valid, and belong to the five special validators used in late 2021 by Sky Mavis. This is why the transaction passed as ordinary and was only noticed after funds ran low.
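Because the withdrawals carried valid validator signatures, a signature check alone could not flag them. The following is an added example (not Sky Mavis or Ronin code) of an independent monitor that alerts on withdrawal size relative to bridge reserves. The class and function names, thresholds, reserve figures and events are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Withdrawal:
    ts: int           # unix seconds
    token: str
    amount: float
    sigs_valid: bool  # outcome of the bridge's own signature check (unused here)

class OutflowMonitor:
    """Alert on withdrawal size relative to reserves, ignoring signature validity."""
    def __init__(self, reserves, single_frac=0.05, window_frac=0.10, window_s=3600):
        self.reserves = dict(reserves)          # token -> current bridge balance
        self.single_frac = single_frac          # one withdrawal > 5% of reserve
        self.window_frac = window_frac          # rolling hour > 10% of reserve
        self.window_s = window_s
        self.recent = {t: deque() for t in reserves}

    def observe(self, w):
        before = self.reserves[w.token]
        q = self.recent[w.token]
        while q and q[0][0] <= w.ts - self.window_s:
            q.popleft()                         # drop events older than the window
        earlier = sum(a for _, a in q)
        q.append((w.ts, w.amount))
        alerts = []
        if w.amount > self.single_frac * before:
            alerts.append("single")
        if earlier + w.amount > self.window_frac * (before + earlier):
            alerts.append("window")             # measured against reserve at window start
        self.reserves[w.token] = before - w.amount
        return alerts

def scan(events, reserves):
    mon = OutflowMonitor(reserves)
    return [(w.ts, w.token, mon.observe(w)) for w in events]

# Constructed sample data: every event passes signature verification.
RESERVES = {"ETH": 1000.0, "USDC": 100000.0}
EVENTS = [
    Withdrawal(0, "ETH", 2.0, True),
    Withdrawal(1200, "USDC", 4000.0, True),
    Withdrawal(1800, "USDC", 4000.0, True),
    Withdrawal(2400, "USDC", 4000.0, True),   # slow drain: trips only the window rule
    Withdrawal(3000, "ETH", 900.0, True),     # bulk drain: trips both rules
]

if __name__ == "__main__":
    print(scan(EVENTS, RESERVES))
```

An alert of this kind fires at the time of the withdrawal, independent of whether the signing keys are trusted.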
The Ronin bridge will be paused until the issue is resolved, and while Sky Mavis contacts exchange operators. However, the funds may also be swapped on decentralized exchanges, with no tool to blacklist them so far. To partially avoid exploits, the Katana exchange is also closed.
The funds withdrawn, however, are on the side of the Ethereum chain, and can be moved to other exchange tools. Users can still move their Axies, RON, AXS and SLP on Ronin, but the bridge contract was entirely drained of its deposits, meaning there is no way to switch back to ETH-based assets. In a way, the exploit duplicated the assets, leaving the issue to law enforcement.
Immediately after the news, AXS tanked to $64.79 after rallying above $70 for a day. SLP fell to $0.019 after a hike to $0.022.