In one of the largest crypto hacks to date, hackers stole roughly $600 million at the time of writing (173,600 ETH and US$25.5M in USDC) from a blockchain network related to the famous NFT game Axie Infinity.
The attack focused on the bridge of Sky Mavis' Ronin blockchain, an intermediary between Axie Infinity and other crypto blockchains like Ethereum. This bridge allows users to convert tokens from one network to another to get the specific tokens they need for the game.
Ronin’s bridge contract has been drained of Ethereum and USDC deposits, which was discovered on 23 March. As of now, users are unable to withdraw or deposit funds. As a result, the Ronin Bridge and Katana DEX have been put on hold.
The attacker used private keys to forge fake withdrawals, and the Ronin team only discovered the attack on the morning of 29 March, after a user was unable to withdraw 5,000 ETH from the bridge.
The Sky Mavis team’s top priority is working with law enforcement officials, forensic cryptographers, and its investors to make sure there is no loss of user funds. The team has confirmed that the signature in the malicious withdrawals matches up with the five suspected validators.
As of right now, users are unable to withdraw or deposit funds to Ronin Network. Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed.
This caused the price of Ronin to fall by around 19%. It is now trading at US$1.80, 58% below its all-time high of US$4.29.
Some who tried to exploit the exploited
@Cobie on Twitter noticed the Axie bridge was exploited for US$600 million six days ago, so she shorted AXS with high leverage but got liquidated.
Money movement from Ronin’s network
Vitalik sounds alarm on security of cross-chain bridges
Just at the start of the year, Vitalik Buterin, the co-founder and chief scientist of Ethereum, sounded the alarm over the security of cross-chain bridges, warning of their vulnerability in the event of 51% attacks.
While the burgeoning cross-chain ecosystem has allowed users to mitigate the expense of using Ethereum’s mainnet, cross-chain protocols were among those hit hardest by hackers in 2021.
THORChain suffered multiple exploits, and Poly Network was hit by the largest DeFi hack on record worth US$600 million (although the funds were eventually returned).
Vitalik emphasized the fundamental security limits of bridges and argued that blockchains can “maintain many of their guarantees even after a 51% attack,” contradicting popular perceptions that “everything breaks” for a network in the event of a successful 51% attack.
Silver lining to the storm?
We know one thing which is prevalent in the web3 space: the community.
No one wants to be exploited. People in the space are here either to earn money or for the technology. It could all just be a marketing gimmick, but it was heartening to know that communities would stand behind each other and support the cause against hackers.
In the grand scheme of things, there will be improvement and forced innovation against these attackers in crypto.
Other bridges will learn from this exploit and be compelled to strengthen their networks. This may include conducting comprehensive audits of their systems or introducing a bug bounty programme, which improves not only the system but the space as a whole.
The space will also innovate new security measures to prevent exploitation. These may include privacy protocols which break the on-chain link between the source and destination address, allowing institutions to stay private.
It is a tedious and arduous process the space has to go through before we see global adoption, but we are slowly getting there.
“This change will come with risk, but risk is also the prerequisite for progress.”
[Editor’s Note: This article does not represent financial advice. Please do your own research before investing.]
Featured Image Credit: Chain Debrief