A major cyber-heist has rocked the cryptocurrency world, with hackers stealing hundreds of millions of dollars’ worth of virtual coins from a popular gaming platform. Sky Mavis, a Vietnamese blockchain game developer, recently revealed that its Ronin Network, designed as an Ethereum sidechain for the Axie Infinity game, was compromised.
The Ronin Network serves as a bridge for users to transfer cryptocurrency in and out of the game. However, the company only became aware of the massive theft when a user reported issues with withdrawing funds from the bridge. The breach occurred a week ago but was only discovered recently.
The hackers were able to breach Sky Mavis’s Ronin and Axie DAO validator nodes, using stolen private keys to conduct fake withdrawals. This resulted in the theft of a staggering 173,600 Ethereum, equivalent to $592 million, and $25.5 million from the Ronin bridge in two separate transactions.
The Ronin Network explained that the validator nodes, which require five out of nine signatures for deposit or withdrawal events, were compromised. The attackers gained control of four Ronin validators and a third-party validator from Axie DAO, exploiting a backdoor in the gas-free RPC node to forge the necessary signatures.
In response to the breach, the Ronin Network has temporarily halted its bridge functionality to prevent further attacks and has increased the validator threshold from five to eight. The company is also collaborating with Chainalysis, an analytics firm, to track the stolen funds. Most of the stolen funds are still in the attacker’s wallet, according to reports.
This incident marks the largest cryptocurrency theft on record, surpassing the $610 million stolen in the Poly Network hack last year. The gaming and cryptocurrency communities are on high alert following this unprecedented cyber-heist, underscoring the importance of robust security measures in the digital asset space.