The Ronin Network, which is used for a game called Axie Infinity, loses 173,600 tokens in Ethereum and a $25.5 million in USD Coin.
A gaming-focused blockchain is reporting what might be the new record holder for largest cryptocurrency hack in history.
The incident involves the Ronin Network, an «Ethereum-linked sidechain» from Vietnamese developer Sky Mavis, which has been using the technology for a Pokemon-style game called Axie Infinity. The blockchain is now reporting it’s lost over $620 million in Ethereum and USD Coin due to an apparent hack.
The breach actually took place nearly a week ago, on March 23, but was only discovered today. In a blog post, the Ronin Network said “validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”
These validator nodes operate as computers that verify transactions. The attacker hijacked access to four validator nodes at Sky Mavis, in addition to a third-party validator configured with extra privileges, granting the culprit the authority to steal the funds.
“The attacker used hacked private keys in order to forge fake withdrawals,” Ronin Network’s blog post added. “We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.”
Many of the stolen funds are now in the hacker’s digital wallet, which shows the mysterious user has been stealing the cryptocurrencies over the course of six days. In response to the breach, the Ronin Network has halted trading over the blockchain.
“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed,” the blockchain added. “All of the AXS, RON, and SLP on Ronin are safe right now.”
Still, the breach is bad news for gamers who’ve invested time and money in Axie Infinity. The game uses a «pay-to-earn» model involving digital creatures called Axies, which can be bought up as NFTs costing around $300 or more. Axies can then be used to earn in-game tokens or even traded for Ethereum. As a result, the hack risks rendering the game’s entire economy worthless.
The previous record holder for biggest cryptocurrency heist involved the blockchain provider Poly Networks, which lost over $600 million last year. But in that case, the hacker responsible eventually returned the stolen funds voluntarily. (Meanwhile, the 2014 hack of Mt. Gox was estimated at $470 million at the time. But in today’s value, the stolen Bitcoin would have amounted to a staggering $35 billion.)
It’s unclear why Sky Mavis didn’t discover the hack sooner. But it’s a bad look for the company since the hacker made an initial withdrawal of 8,294 tokens (US$28 million) in Ethereum more than six days ago without the Ronin Network noticing.
For now, the Ronin Network says: “We are in the process of discussing with Axie Infinity/Sky Mavis stakeholders about how to best move forward and ensure no users’ funds are lost. Sky Mavis is here for the long term and will continue to build.” The company is also increasing the validator threshold to verify transaction from five to eight.
The blog post added: “As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats.”
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Your subscription has been confirmed. Keep an eye on your inbox!
Advertisement
Michael has been a PCMag reporter since October 2017. He covers a wide variety of news topics, including consumer devices, the PC industry, cybersecurity, online communities, and gaming. Please send him tips.
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
© 1996-2022 Ziff Davis. PCMag Digital Group
PCMag, PCMag.com and PC Magazine are among the federally registered trademarks of Ziff Davis and may not be used by third parties without explicit permission. The display of third-party trademarks and trade names on this site does not necessarily indicate any affiliation or the endorsement of PCMag. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.
