Axie Infinity
Axie Infinity, an online game that became popular for earning cryptocurrency while gaming, its side chain service Ronin Network issued a press release confirming that it was hacked, with 173,600 ETH and 25.5 million USD stable currency USDC stolen. Equivalent to nearly 600 million US dollars. Ronin Network also explained the hacking in detail, so that everyone can better understand this large-scale theft.
Ronin Network said it found that the hackers first obtained the signature file through a backdoor in one of the RPC nodes run by Axie DAO. At the same time, among the 9 nodes used to verify the transaction, 5 of them (4 are Ronin Validators, one is Axie DAO) were successfully manipulated, and a fictitious transaction request was initiated on March 23, with two transfers. The equivalent of $600 million in assets was taken away.
For the existence of this backdoor, Ronin Network explained that their parent company Sky Mavis turned to Axie DAO to assist in processing transactions in November 2021 due to a large number of users loading, and thus established a Ronin Bridge bridging mechanism connecting the services of both parties. However, after the cooperation ended in December 2021, the bridging authorization was not revoked, so such a loophole was created.
Nearly a week after the hackers stole the assets, the user found out that he could not transfer 5,000 ETH on the Ronin Network and revealed that the official said that the wallet address where the stolen encrypted assets were located has been traced, and law enforcement agencies, Chainalysis have been contacted. Come and study the recovery of stolen assets. At present, the authorization of Ronin Bridge has been revoked, and the access of Binance Binance has also been stopped to prevent further assets from being transferred; in addition, the Katana DEX trading service has also been disabled, so users are currently unable to deposit or withdraw Ronin Network. assets.
Ronin Network emphasizes that users’ AXS, RON, and SLP cryptocurrencies are safe, and has raised the threshold for authentication nodes to 8, and will add more authentication nodes as soon as possible.
