In the biggest ever Crypto Heist in history, a hacker managed to steal a whopping $610 million worth of cryptocurrency out of the Ronin bridge, between the Axie Infinity and Ethereum Blockchain in the form of 173,600 Ethereum and 25,500,000 USDC [USDCoin].
The hack happened on the 23rd of March 2022, but came into revelation 6 days after the incident, on the 29th of March when a member was not able to withdraw 5,000 Ethereum from the Ronin network.
The incident has been confirmed by the Social Media accounts of Axie Infinity, including their Official Substack.
Axie Infinity is a play-to-earn [P2E] asset and battle game that pays out cryptocurrency to players who mint NFTs of fluffy-looking but fierce battle creatures. Developed by the Sky Mavis studio of Vietnam, Axie Infinity pays using Axie Infinity Tokens [AXS] and Smooth Love Potion Tokens [SLP] to the Ronin [RON] Network where RON is used as the native Token.
Biggest CryptoHeist: What is the Ronin bridge?
The COO of Axie Infinity Alexander Larson tweeted: “This was a social engineering attack combined with a human error from December 2021”
The Ronin network acts as a bridge between the Axie DeFi Katana Automated Market Maker [AMM] and Ethereum Blockchain. Katana is the Decentralised exchange belonging to the Axie Infinity.
DeFi essentially refers to a financial system wherein financial products are available on the decentralized blockchain network and open for use by anyone in a peer-to-peer manner instead of accessing the middlemen such as banks or a company to facilitate a transaction. Buying and selling digital assets are among the common DeFi use cases.
The bridge takes the cryptocurrency from one network to the other and it needs multiple signatures and several smart contracts between them in the process. To get validated, a transaction needs a minimum 5 out of 9 signatures from the Axie DeFi and from the Axie DAO [Decentralised Autonomous Organisation].
The remaining 4 signatures being the provisions for congestion or malfunction of the Axie network. And this process of cross-chain bridging and the signatures proved vulnerable to the attack.
Back in November 2021, the developers of the Axie, Sky Mavis requested help from the Axie DAO to distribute free transactions due to the immense user load.
The Axie DAO allow listed Sky Mavis to sign various contracts on its behalf. Although this was discontinued in December, the allow list was not revoked.
The hacker who successfully executed the crypto heist got access to the 4 signatures at Sky Mavis’ end. He then pushed malicious messages to the DAO validator through gas-free RPC and got the signature of the 5th verification node of the transaction. He used a low balance of 1.0569 Ethereum as the gas fees for the transactions, which he acquired from the crypto exchange Binance using a fresh address, proxy, fake device information, and fake KYC [Know Your Customer].
Is The Stolen Crypto on Defi? Details of The Crypto Heist
Prior to the 4th of April, most of the currency still remained in the hacker’s initial wallet. Since then 1,220 Ethereum has been moved to an account at FTX, 3750 Ethereum to 3 Houbi addresses, and 1 Ethereum to a Crypto.Com wallet.
Blockchain security firms Peck Shield and SlowMist and some others are investigating this incident along with the networks that are involved.
Binance, FTX, and Houbi have assured Axie that they will help in the ongoing investigation in every possible way. Binance had suspended Wrapped Ether [WETH] and Ethereum transactions and swapping, and stopped processing the Ronin network transactions for the moment until the network is secured and stable again to avoid such a crypto heist from taking place again.
To Wrap It Up:
- 20 transfers of 100 Ethereum each were made from the hacker’s wallet as on the 4th of April to the Tornado Cash [TORN] wallet, according to the on-chain data. TORN is a decentralised protocol that breaks the on-chain link between source and destination addresses, thus making transactions anonymous and untraceable.
- 6th of April, Sky Mavis has announced a funding round of $150,000,000 led by Binance and some others, and some funds from Axie Infinity’s balance sheet to reimburse the users who had been affected by the hack.
- Binance has partially resumed its WETH / Ethereum transactions and Ronin network functions whereas Axie Infinity’s Ronin activities are still suspended for a few more weeks until fully secured.
It should be noted that the rise in decentralized finance (DeFi) which facilitates crypto-denominated lending outside traditional banking, has been a big factor in the increase in such crypto heists. The firm says hackers have targeted DeFis the most, in yet another warning for those dabbling in this emerging segment of the crypto industry.
