Around $625 million worth of cryptocurrency has been stolen from Ronin, the blockchain used by the popular crypto game Axie Infinity. Sky Mavis, the operator of the crypto game revealed the breach on Tuesday and froze transactions on the Ronin bridge, which allows depositing and withdrawing funds from the company’s blockchain.
Important announcement regarding a security breach on the Ronin Network. https://t.co/88TilOGTX6
— Axie Infinity🦇🔊 (@AxieInfinity) March 29, 2022
Ronin said it is working with blockchain analytics firm Chainalysis to recover 173,600 Ethereum (currently worth around $600 million) and 25.5 million USDC (a cryptocurrency pegged to the US dollar) from the hacker, who withdrew it from the network on March 23rd. Ronin announced that the exploit was only discovered a week later after a 5,000 ETH withdrawal attempt from one of their users failed.
The attack focused on the bridge to Sky Mavis’ Ronin blockchain, an intermediary between Axie Infinity and other cryptocurrency blockchains like Ethereum. Users could deposit Ethereum or USDC to Ronin, then purchase non-fungible token items or in-game currency, or they could sell their in-game assets and withdraw the money through the bridge. The attacker managed to get hold of the private cryptographic keys belonging to five of the validators of the bridge, which was enough to steal the crypto assets.
According to CoinMarketCap, the price of Ron, a token used on the Ronin blockchain, dropped about 22% after the hack was disclosed. AXS, a token used in Axie Infinity, fell as much as 11% before rebounding. Ronin found that most of the hacked funds went to a single wallet. The stolen USDC was swapped for ETH through decentralized exchanges (DEXs) to prevent it from being seized.
“The fact that nobody notices for six days screams aloud that some structure should be in place to watch illicit transfers,” said Wilfred Daye, head of Securitize Capital, the asset-management arm of Securitize Inc was quoted by Bloomberg on the hacking incident.