The Ronin Network has suffered what is being tagged as the largest hack in the history of Decentralized Finance (DeFi), which funds in excess of $625 million carted away by the hackers.
The Ronin Network’s official blog post shared that the hackers perpetrated the attack on March 23, even though it is just being discovered.
Ronin Network is an Ethereum sidechain that was created with Axie Infinity’s community in mind. It is the product of the search by the Axie Infinity team for a fast, cheap, and reliable network resident on the Ethereum blockchain. As detailed in the Ronin Network blog post, a total of “173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”
“The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge,” the blog post reads.
As detailed by Ronin Network, a transaction can only be recognized by at least 5 out of the 9 validators’ signatures the protocol has. The network said the hackers “managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.”
The Ronin Network also explained that the “validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
The address of the hackers is a relatively new one. Fortunately, the majority of the funds stolen are still existing, minus the 6,250 ETH that has been sent to various other addresses. As confirmed in the blog post, transactions on the Ronin Network and the Katana Decentralized Exchange have been halted to allow joint investigation with relevant agencies.
Prior to this Ronin Network hack, interoperability blockchain, Poly Network ranked as having the largest hacked funds in DeFi history, however, the entire $610 million hacked was completely returned after a bout of interactions between the hacker and the Poly Network team.
Image source: Shutterstock