Hackers Steal Record $625 Million from Crypto Firm Axie Infinity

The theft was discovered several days later, raising questions about the vulnerabilities of decentralized finance (DeFi).



The cryptocurrency world was rocked after Ronin, the blockchain underlying Axie Infinity, said hackers had stolen roughly $625 million from the play-to-earn online game.

Ronin announced the security breach in a blog post, saying 173,600 ethereum and 25.5M USDC had been drained from the Ronin bridge in two transactions.

This is your last chance to demystify investing and learn how to build your wealth with TheStreet Smarts, our Founder's Sale ends soon!

'This is Our Top Priority Now.'

Bridging is where assets are locked on one blockchain and then replicated on another blockchain. The attacker used hacked private keys in order to forge fake withdrawals.

The heist occurred on March 23, but Sky Mavis, a Vietnamese studio that developed Axie Infinity, discovered the breach on Tuesday after a user was unable to withdraw 5,000 ETH from the bridge.

Sky Mavis’ Ronin chain currently consists of 9 validator nodes, the post said. In order to recognize a deposit or a withdrawal, five out of the nine validator signatures are needed. 

The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO, or decentralized autonomous organization. 

Get $50 Worth of BTC Bonus

Download The Vantage Mobile App And Trade Now to get your $50 Worth of BTC Bonus. T&Cs apply.

SPONSORED BY VANTAGE MARKETS

Learn More

"ETH and USDC deposits on Ronin have been drained from the bridge contract," the blog post said. "We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now."

Ronin Bridge was paused to ensure no further attack vectors remain open.

"Sky Mavis is here for the long term and will continue to build," the post said.

Binance, the largest cryptocurrency exchange in the world, has also disabled their bridge to and from Ronin "to err on the side of caution."

"The bridge will be opened up at a later date once we are certain no funds can be drained," the post said.

'An Intense 36 Hours'

"Been an intense 36 hours," Aleksander Leonard Larsen, Sky Mavis' co-founder and chief operating officer, tweeted. "Been working with the Sky Mavis board and key cybersecurity personnel to get a complete overview of the situation."

Get $50 Worth of BTC Bonus

Download The Vantage Mobile App And Trade Now to get your $50 Worth of BTC Bonus. T&Cs apply.

SPONSORED BY VANTAGE MARKETS

Learn More

"Our internal network is currently going through a deep forensics review to ensure there is no lingering threat," he added.

Larsen said that the hack was an engineering attack combined with a human error from December 2021.

"We are committed to ensuring that all of the drained funds are recovered or reimbursed, and we are continuing conversations with our stakeholders to determine the best course of action," he said in a follow-up tweet.

The heist sparked a barrage of comments on social media. 

"WOW, didn't expect to wake up to a $600M hack," one person tweeted. "The Hacker exploited the 'ronin bridge' which axie infinity runs on. The stole 25M USDC and 173K eth. Absolutely devastating."

"Hackers will end DeFi," another person said. "This needs to stop."

One commenter noted last month's Wormwood heist, where hackers made off with cryptocurrencies valued at more than $323 million from the DeFi protocol that links blockchain Solana with other decentralized blockchain networks.

Previous Post Next Post