The blockchain network says it has been breached, to the tune of $625 million worth of dollar-pegged stablecoins and Ethereum (ETH) cryptocurrency.
“The attacker used hacked private keys in order to forge fake withdrawals,” Ronin said. “We discovered the attack after a report from a user being unable to withdraw ETH5,000 from the bridge.”
The Ronin decentralized currency exchange was halted after the breach was discovered, leaving users unable to conduct transactions until further notice. The provider says it is working with the authorities and forensic cryptographers to recover the stolen funds – valued at around $25 million in stablecoins and ETH176,000 ($600 million).
“As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats,” said the provider. “We are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.”
Five of the nine validator nodes were compromised, which is exactly the approval threshold for a withdrawal or deposit of funds. The threat actor is thought to have taken control of four nodes run by Sky Mavis and a third-party validator operated by Axie DAO.
“The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one,” said Ronin. “But the attacker found a back door through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
The attack vector is thought to have stemmed in part from the Axie validator’s IP being left on an “allow list” used to distribute free transactions – even though this feature was supposedly discontinued in December.
In response to the attack, Ronin said it would increase the transaction threshold to eight out of nine nodes. Most of the hacked funds are thought to be in an Etherscan digital wallet belonging to the cybercriminal who carried out the attack.
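To make the threshold arithmetic above concrete, here is an added Go example, not code from Ronin, Sky Mavis or Axie DAO, that models a bridge withdrawal gate requiring M distinct validator signatures out of N registered keys. The message layout, the P-256 curve, the function names and the sample withdrawal are all assumptions made for illustration. It simulates five leaked validator keys and shows that they clear a 5-of-9 policy but not the 8-of-9 policy the provider says it is moving to, and that resubmitting the same signature twice does not inflate the approval count.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Withdrawal is the message the validators sign. The fields are constructed for
// this example and do not mirror the real bridge's message format.
type Withdrawal struct {
	Recipient string
	AmountEth uint64
	Nonce     uint64
}

// Digest is what each validator signs; the nonce keeps an old approval from
// being replayed to release a second withdrawal.
func (w Withdrawal) Digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%d", w.Recipient, w.AmountEth, w.Nonce)))
	return h[:]
}

// Approval is one validator's ASN.1-encoded ECDSA signature over the withdrawal digest.
type Approval struct {
	ValidatorID int
	Sig         []byte
}

// Bridge models an M-of-N approval gate: a withdrawal is released only when at
// least Threshold distinct registered validators have signed it.
type Bridge struct {
	Validators map[int]*ecdsa.PublicKey
	Threshold  int
}

// Authorize reports whether the withdrawal clears the threshold and how many
// distinct valid approvals were counted. Unregistered signers, bad signatures and
// repeated signatures from the same validator do not count.
func (b *Bridge) Authorize(w Withdrawal, approvals []Approval) (bool, int) {
	digest := w.Digest()
	seen := make(map[int]bool)
	for _, a := range approvals {
		pub, ok := b.Validators[a.ValidatorID]
		if !ok || seen[a.ValidatorID] {
			continue
		}
		if ecdsa.VerifyASN1(pub, digest, a.Sig) {
			seen[a.ValidatorID] = true
		}
	}
	return len(seen) >= b.Threshold, len(seen)
}

// SimulateCompromise builds a fresh n-validator set, assumes the first
// `compromised` private keys have leaked, and checks whether approvals from those
// keys alone clear `threshold`. Each leaked key's signature is submitted twice to
// confirm that duplicates cannot pad the count.
func SimulateCompromise(n, compromised, threshold int) (bool, int, error) {
	if compromised > n {
		return false, 0, fmt.Errorf("cannot compromise %d of %d validators", compromised, n)
	}
	bridge := &Bridge{Validators: make(map[int]*ecdsa.PublicKey), Threshold: threshold}
	keys := make([]*ecdsa.PrivateKey, n)
	for i := 0; i < n; i++ {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return false, 0, err
		}
		keys[i] = k
		bridge.Validators[i] = &k.PublicKey
	}
	// Constructed withdrawal; the recipient is a placeholder, not a real address.
	w := Withdrawal{Recipient: "0xPLACEHOLDER_RECIPIENT", AmountEth: 5000, Nonce: 1}
	digest := w.Digest()
	var approvals []Approval
	for i := 0; i < compromised; i++ {
		sig, err := ecdsa.SignASN1(rand.Reader, keys[i], digest)
		if err != nil {
			return false, 0, err
		}
		approvals = append(approvals, Approval{ValidatorID: i, Sig: sig}, Approval{ValidatorID: i, Sig: sig})
	}
	ok, count := bridge.Authorize(w, approvals)
	return ok, count, nil
}

func main() {
	for _, th := range []int{5, 8} {
		ok, count, err := SimulateCompromise(9, 5, th)
		if err != nil {
			panic(err)
		}
		fmt.Printf("threshold %d of 9, 5 keys leaked: %d valid approvals, released=%v\n", th, count, ok)
	}
}
```

The design point is that the gate counts distinct registered signers, not signatures: a quorum policy is only as strong as the number of independently controlled keys an attacker would have to obtain, which is why raising the threshold from five to eight matters more than adding nodes run by the same operator.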