One of the biggest hacks in crypto history occurred today when Axie Infinity’s Ronin network was hacked to the tune of $650m. The Ronin network was launched last February to lower the cost of using the Ethereum-built free-to-play blockchain game, Axie Infinity.
Importance Of The Ronin Network
Ronin enables its users to perform 100 Ethereum-related transactions for free every day. Thus, users won’t have to pay any transaction charges to use the Ethereum network. Axie Infinity is famous in Vietnam and the Philippines because the platform offers tokens to users playing its blockchain game. Hence, it is no surprise that many individuals and companies usually hire several ‘gaming experts’ to win these tokens.
Ronin published a blog post on March 29 confirming that a hack took place on its platform, with the hackers stealing nearly $650M worth of crypto. The post explained that hackers exploited the Ronin bridge to steal 174,000 ETH (valued at about $650m). The report also stated that the hackers stole about $25.7m worth of USDC (the second-largest stablecoin) in different transactions after gaining control of the network’s validator nodes.
Ronin uses a proof-of-authority mechanism in which validator nodes verify and approve transactions. This differs markedly from Bitcoin’s decentralized mining and approval process.
How The Hack Happened
Ronin has nine validator nodes, but only five of them are needed to authorize any withdrawal or deposit. The post further explained that the hackers forged fake withdrawals after hacking private keys. The hackers capitalized on a loophole in the RPC node of Axie Infinity-owned Sky Mavis.
This loophole enabled the hackers to access and control a validator node connected with Axie DAO, which Sky Mavis used last November to distribute free tokens when it was experiencing an overload of users. With that node and the four validator nodes run by Sky Mavis under their control, the hackers held the five validators needed for approval and successfully approved two transactions.
A Solution For The Long-Term
Ronin revealed that it would raise the minimum threshold for validator consensus to eight out of nine and increase the number of validators to avoid a repeat of this hacking incident. In the short term, Sky Mavis is partnering with Chainalysis (a crypto-security firm) and other cyber-security firms from various industries to recover the stolen funds.
Also, the Ronin team has deactivated the network’s bridge and the DEX associated with it until the investigations are completed. The Ronin team further wrote in the blog post that “this hack reinforces the value of having a highly secured network and being alert to lessen the effects of any hacker exploits that can happen to any network regardless of their security protocols.”
They further wrote, “we have learned valuable lessons from this incident and will use these lessons to fortify the security of our network to ensure that similar attacks do not happen in the future.”
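The validator threshold described above (five of nine at the time of the hack, eight of nine planned) can be audited by counting how many independent trust domains must be compromised to reach it. The following is an added example, not code from Ronin or Sky Mavis; the validator names, the "external-*" placeholders for the four validators the article does not identify, and the function names are assumptions.

```python
from collections import Counter

# Constructed validator set: the article gives 9 validators, 4 run by Sky Mavis
# and 1 tied to Axie DAO; "external-*" are placeholders for the other four.
NOMINAL = {f"skymavis-{i}": "sky-mavis" for i in range(1, 5)}
NOMINAL["axie-dao"] = "axie-dao"
NOMINAL.update({f"external-{i}": f"external-{i}" for i in range(1, 5)})

# Effective control: the Axie DAO validator was reachable through Sky Mavis,
# so for audit purposes it sits in the same trust domain.
EFFECTIVE = {**NOMINAL, "axie-dao": "sky-mavis"}


def withdrawal_approved(signers, validators, threshold):
    """Approve only if enough distinct, known validators signed."""
    distinct = set(signers) & set(validators)
    return len(distinct) >= threshold


def domains_needed_for_quorum(validators, threshold):
    """Smallest set of trust domains whose keys together meet the threshold.

    Taking the domains holding the most keys first is optimal because every
    key counts equally toward the threshold. Returns None if unreachable.
    """
    chosen, keys = [], 0
    for domain, count in Counter(validators.values()).most_common():
        if keys >= threshold:
            break
        chosen.append(domain)
        keys += count
    return chosen if keys >= threshold else None


if __name__ == "__main__":
    for label, vset in (("nominal", NOMINAL), ("effective", EFFECTIVE)):
        for threshold in (5, 8):
            domains = domains_needed_for_quorum(vset, threshold)
            print(f"{label:9} {threshold}-of-9: {len(domains)} domain(s) {domains}")
```

A result of one domain means a single compromise is enough to approve a withdrawal, which is the condition the effective five-of-nine configuration exhibits.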
This hacking incident is the latest in the woes facing Sky Mavis. The prices of Axie Infinity tokens and NFTs have dipped significantly in the last couple of months, a sign that the play-to-earn gaming giant is struggling.