Axie Infinity, the blockchain NFT video game, has lost 173,600 ETH and 25.5 million USD Coin (USDC) in an exploit of the Ronin blockchain bridge.
According to the source, the Ronin bridge and Katana DEX were halted and validator nodes were compromised.
Ronin Network discovered the security breach earlier today, when a user who tried to withdraw 5k ETH from the Ronin Bridge reported that she was unable to do so. Validator nodes at Sky Mavis and Axie DAO were compromised, and the Ronin bridge was drained in a couple of transactions mined in blocks 14442840 and 14442835. According to the source, the attacker used hacked private keys to forge fake withdrawals.
How the Attack Was Perpetrated
Sky Mavis’ Ronin chain consists of nine validator nodes and requires signatures from 5 of the 9 validators. The attacker gained control of four Ronin validators and a third-party validator run by Axie DAO. The key validation scheme is decentralized in order to limit the attack vector; nonetheless, the hacker found a backdoor through the gas-free RPC node, which was used to obtain the signature from Axie DAO.
The arrangement between Sky Mavis and Axie DAO dates back to November 2021, when the immense user load compelled them to distribute a few free transactions via Axie DAO. Axie DAO allowed Sky Mavis to sign various transactions on its behalf. The operation ended in December; however, the allowlist was not revoked.
Ronin Network has confirmed that the signatures in the malicious withdrawals match the five suspected validators.
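The threshold arithmetic above can be audited mechanically. The Python sketch below is an added example, not code from Ronin or Sky Mavis: it counts how many validator keys each operator can cause to sign once un-revoked allowlist grants are included, flags grants whose purpose has ended, and reports the fewest operators whose combined reach meets the threshold. Attributing the four Ronin validators to Sky Mavis, the operator-N names, the validator labels and all dates are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations

@dataclass(frozen=True)
class Grant:
    grantor: str         # operator whose validator key may be used
    grantee: str         # operator allowed to request its signature
    purpose_ended: date  # when the business need for the grant ended
    revoked: bool        # whether the allowlist entry was actually removed

def reach(validators, grants):
    """Map each operator to the validator keys it can cause to sign."""
    out = {}
    for key, op in validators.items():
        out.setdefault(op, set()).add(key)
    for g in grants:
        if not g.revoked:  # access lasts until revocation, not until the purpose ends
            keys = {k for k, op in validators.items() if op == g.grantor}
            out.setdefault(g.grantee, set()).update(keys)
    return out

def stale_grants(grants, today):
    """Grants still active although their purpose has ended."""
    return [g for g in grants if not g.revoked and g.purpose_ended < today]

def min_operators_for_quorum(validators, grants, threshold):
    """Fewest operators whose combined reach meets the signing threshold."""
    r = reach(validators, grants)
    for n in range(1, len(r) + 1):
        for combo in combinations(sorted(r), n):
            if len(set().union(*(r[o] for o in combo))) >= threshold:
                return n, combo
    return None

# Constructed data: 9 validators as on the page; attributing the four Ronin
# validators to Sky Mavis, the operator-N names and every date are assumptions.
VALIDATORS = {f"v{i}": "Sky Mavis" for i in range(1, 5)}
VALIDATORS["v5"] = "Axie DAO"
VALIDATORS.update({f"v{i}": f"operator-{i}" for i in range(6, 10)})
GRANTS = [Grant("Axie DAO", "Sky Mavis", date(2021, 12, 31), revoked=False)]
AUDIT_DATE = date(2022, 1, 15)

if __name__ == "__main__":
    print("stale grants:", stale_grants(GRANTS, AUDIT_DATE))
    for t in (5, 8):
        print(f"threshold {t}:", min_operators_for_quorum(VALIDATORS, GRANTS, t))
```

With the stale grant in place, a single operator meets a threshold of five; once the grant is marked revoked, or the threshold is set to eight, more than one operator is needed.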
Actions Taken
After the attack, and to prevent short-term breaches, Ronin increased the validation threshold from five to eight signatures. Secondly, the network swiftly contacted the security teams at major exchanges and will keep in touch with them in the coming days.
Thirdly, the Ronin Bridge is temporarily closed to ensure that no attack vectors remain open. Likewise, the exchange platform Binance disabled its bridge to and from Ronin, which will remain closed until it is certain that no funds will be drained.
In addition, Ronin temporarily disabled Katana DEX to avoid arbitrage and deposits within the network. Finally, they are working closely with Chainalysis to monitor the stolen funds, and are in communication with government agencies and forensic cryptographers to ensure that the attackers are caught and brought to justice and that the funds are recovered.
The rest of AXS, RON, and SLP in the Ronin Network is safe right now.