The crypto gaming-focused Ronin Network announced a loss of over $625 million in USDC and ETH.
This could be the largest hack in crypto history.
According to an official blog post by the Ronin Network, the exploit affected nodes for publishers of the popular crypto game Axie Infinity and the Axie DAO.
The hacker used “private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions.
The Ronin attacker’s Ethereum address is a new address that transferred ETH in from Binance. Etherscan records show the attack took place last Wednesday.
However, it took the Ronin team a week to discover the hack.
Ronin’s sidechain requires nine validators requiring five signatures for withdrawals, but the attacker managed to find a backdoor in their code.
The Ronin Network hack saw losses at 173,600 ETH and $25.5 million in USDC.
The majority of the funds remain in the hacker’s address, with some being transferred to other addresses.
How is the Ronin Network Dealing With It?
The Ronin bridge and Katana Dex that enable transactions have been paused. Players who have funds stored on the network can’t access their crypto right now.
Ronin Network has increased the validator threshold from five to eight to improve the security of transactions.
They’re also migrating their nodes, completely separate from their old infrastructure.
“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now,” said Sky Mavis in a statement.
Also, they’re working with Chainalysis to monitor the stolen funds.
This is not the first time a DeFi like the Ronin Network has been exposed.
A hacker made off with more than $600 million in an exploit of cross-chain DeFi protocol Poly Network. A majority of the funds were returned.