Evening
So, we have got another hack on our hands, and maybe the biggest one the DeFi sector has seen so far. Ronin Network, an Ethereum sidechain developed especially for the popular NFT game Axie Infinity, has been exploited, with $625 million worth of crypto drained from its bridge.
What's more bizarre is that the exploit took place a week ago, on 23rd March, but was only discovered a week later, today, as per Ronin's official blog post. The exploit was discovered after a user reported failing to withdraw 5000 ETH from the Ronin bridge. The exploiter drained 173,600 WETH (worth $600 million) and 25.5 million USDC stablecoin (worth $25.5 million) from the Ronin bridge in two transactions.
The Ronin chain consists of 9 validator nodes, and for a transaction to confirm, confirmations from 5 out of the 9 validators are required. The hacker managed to take control of Sky Mavis's four nodes and one third-party node run by Axie DAO.
The roots of the attack trace back to November 2021, when Sky Mavis asked Axie DAO for access to perform free transactions in order to handle immense user load. Axie DAO allowed Sky Mavis to sign transactions on its behalf. This was discontinued a month later, but the allowlist remained in place. After gaining access to Sky Mavis's systems, the hacker managed to find a backdoor into Axie DAO via the gas-free RPC node and get the signatures from Axie DAO.
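A configuration audit for the failure described above, as an added example that is not code from Ronin or Sky Mavis: it counts how many validator signatures each operator can produce, including keys reachable through a signing allowlist, and flags any operator that meets the threshold on its own. The four unnamed operators and the delegation record format are assumptions made for illustration.

```python
from collections import defaultdict

THRESHOLD = 5  # signatures needed to confirm, per the post (5 of 9)

# Constructed validator set. Sky Mavis (4) and Axie DAO (1) follow the post;
# the other four operator names are placeholders.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}

# Constructed delegation records: (grantor, grantee, still_needed).
# still_needed=False models an arrangement that was discontinued while its
# allowlist entry stayed in place.
DELEGATIONS = [("Axie DAO", "Sky Mavis", False)]


def effective_control(validators, delegations):
    """Map each operator to the validator keys it can sign with: its own
    keys plus the keys of every operator that has allowlisted it."""
    own = defaultdict(set)
    for vid, operator in validators.items():
        own[operator].add(vid)
    reach = {op: set(keys) for op, keys in own.items()}
    for grantor, grantee, _ in delegations:
        reach.setdefault(grantee, set()).update(own.get(grantor, set()))
    return reach


def audit(validators, delegations, threshold):
    """Return findings as (kind, subject, signature_count) tuples."""
    findings = []
    control = effective_control(validators, delegations)
    for entity, keys in sorted(control.items()):
        # One compromised organisation should never be a quorum by itself.
        if len(keys) >= threshold:
            findings.append(("single-entity-quorum", entity, len(keys)))
    for grantor, grantee, needed in delegations:
        if not needed:
            findings.append(("stale-delegation", f"{grantor}->{grantee}", 0))
    return findings


if __name__ == "__main__":
    for finding in audit(VALIDATORS, DELEGATIONS, THRESHOLD):
        print(finding)
```

Running the same audit with the delegation removed, or with a higher threshold, shows which of the two controls actually closes the single-entity quorum.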
As per Sky Mavis, after the exploit was discovered the validator threshold was increased to avoid any further malicious transactions. The Ronin bridge has been temporarily paused, as has the decentralized exchange Katana, which runs on Ronin.
Meanwhile, they are actively working with law enforcement to trace and identify the hacker and make sure the funds are recovered.
Despite Sky Mavis's commitment to bring the hacker to justice and recover the stolen funds, the chances of success remain thin. Digital exploit investigations are lengthy and cumbersome, involving multiple law enforcement agencies and jurisdictions. The stolen funds are lost for now, unless the exploiter turns out to be a whitehat.
Meanwhile, Sky Mavis has been facing community backlash for not expanding the validator threshold and for being careless enough to notice the exploit only a week after it had happened. My heart goes out to those affected, who are stuck waiting for Axie Infinity and Sky Mavis to issue a reimbursement plan.