Hackers Steal $625 Million from Ronin Network in Largest-Ever Crypto Theft

Hackers stole approximately $625 million in crypto from the Ronin blockchain and the video game network that is based on it, in the biggest ever crypto theft.

Ronin blockchain and the play-to-earn Axie Infinity video game network that is based on it experienced the biggest theft of crypto in history on March 23. However, Ronin did not discover the hack until Tuesday, March 29 according to the statement by the network.

Hackers stole a total of about 173,600 ether, which is the second most popular cryptocurrency after bitcoin, and 25.5 million USDC, a stablecoin linked to the US dollar. 

The hacker’s crypto wallet, which is open to view on Etherscan, shows that most of the cryptocurrency hasn’t been transferred after it was stolen from the Ronin Network. 

However, there is evidence that the hacker is trying to transfer smaller amounts of crypto in different transactions, which is probably a way to find out which channel can be safe to launder money.

Ronin stated in a substack post that the hackers gained control of five of the nine validator nodes on the network.

Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.

The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.

“This hack reflects the continuing challenges that blockchains and operators face in balancing user experience and security,” said Flora Li, head of the Huobi cryptocurrency exchange’s Research Institute.

Suggested read: Crypto Providers at Risk of Money Laundering & Terror Financing, Says FMA