A recent attack on the Ronin Network resulted in the theft of a significant amount of funds. As a result, the Ronin bridge and the Katana DEX have been halted. Ronin is also working with law enforcement agencies, forensic cryptographers and other stakeholders to recover the stolen digital assets. Here are the details of this security breach.
There has been a security breach on the Ronin Network. https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
Details of the Attack on the Ronin Network
On the 29th of March 2022, Ronin discovered that there had been a security breach on its network. The breach traced back to the 23rd of March 2022, when Sky Mavis’s Ronin validator nodes and the Axie DAO validator node were compromised. In the attack, 173,600 ETH and 25.5M USDC were drained from the Ronin bridge in two transactions (1st and 2nd). To execute the attack, the attacker used the compromised private keys to sign fake withdrawals.
The incident came to light when a user reported being unable to withdraw 5,000 $ETH from the Ronin bridge. Sky Mavis’s Ronin chain is secured by 9 validator nodes, and a withdrawal or deposit is only recognized once 5 of those 9 validators have signed it. To reach that threshold, the attacker took control of the four validators operated by Sky Mavis and of the third-party validator operated by the Axie DAO.
To obtain the fifth signature, the attacker abused the gas-free RPC node to get the Axie DAO validator to sign. This was possible because of an arrangement dating from November 2021: Sky Mavis, whose servers were overloaded, had asked the Axie DAO to help distribute free transactions, and the Axie DAO allowlisted Sky Mavis to sign transactions on its behalf. When that arrangement ended, the Axie DAO never revoked the allowlist access. So once the attacker had compromised Sky Mavis’s systems, it could also obtain the signature of the Axie DAO validator.
Next Steps to Recover Stolen Funds
Ronin is doing everything possible to recover the stolen funds. It is in touch with the security teams of major exchanges, and it is working with Chainalysis to trace the stolen funds. Community members should expect an update soon. Meanwhile, activity on the Ronin bridge is temporarily paused, and the Katana DEX and the Binance-Ronin bridge are temporarily disabled.
While working to recover the stolen funds, Ronin is also taking steps to ensure this does not happen again. One measure is raising the validator threshold from 5 to 8 signatures. It is also migrating its nodes to new infrastructure, fully separated from the old one.
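The following is an added toy model, not code from Ronin or Sky Mavis, that makes the arithmetic of the attack described above and of the two countermeasures concrete: four compromised Sky Mavis signers plus a stale Axie DAO allowlist clear a 5-of-9 threshold, while either revoking the allowlist or raising the threshold to 8-of-9 stops the same request. Validator names, keys and the withdrawal message are constructed for the example, and the "signatures" are HMAC-SHA256 tags standing in for the signatures a real bridge contract would verify.

```python
"""Toy model of a threshold-approved bridge withdrawal with a signer allowlist.

Constructed example: "signatures" are HMAC-SHA256 tags over the withdrawal
message, standing in for the signatures a real bridge contract checks.
Validator names and keys are illustrative, not the real Ronin validator set.
"""
import hashlib
import hmac


class ValidatorNode:
    """One bridge validator. It signs a withdrawal with its own key when the
    request comes from itself or from an operator on its allowlist."""

    def __init__(self, name, key, allowlist=()):
        self.name = name
        self._key = key
        self.allowlist = set(allowlist)

    def sign_request(self, requester, withdrawal):
        """Return a signature, or None if the requester is not trusted."""
        if requester != self.name and requester not in self.allowlist:
            return None
        return hmac.new(self._key, withdrawal.encode(), hashlib.sha256).digest()

    def verify(self, withdrawal, sig):
        """Check a signature against this validator's own key."""
        expected = hmac.new(self._key, withdrawal.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def build_validator_set():
    """Nine validators: four run by Sky Mavis, one by the Axie DAO (which has
    allowlisted a Sky Mavis signer, as in the Nov 2021 arrangement), four others."""
    nodes = {}
    for i in range(1, 5):
        nodes[f"skymavis-{i}"] = ValidatorNode(f"skymavis-{i}", f"sm{i}-secret".encode())
    nodes["axiedao-1"] = ValidatorNode("axiedao-1", b"dao-secret", allowlist={"skymavis-1"})
    for i in range(1, 5):
        nodes[f"other-{i}"] = ValidatorNode(f"other-{i}", f"other{i}-secret".encode())
    return nodes


def collect_signatures(nodes, controlled, withdrawal):
    """Ask every validator to sign, trying each identity the attacker controls."""
    sigs = {}
    for node in nodes.values():
        for requester in controlled:
            sig = node.sign_request(requester, withdrawal)
            if sig is not None:
                sigs[node.name] = sig
                break
    return sigs


def bridge_approves(nodes, withdrawal, sigs, threshold):
    """Bridge-side check: count valid signatures from distinct known validators."""
    valid = {
        name for name, sig in sigs.items()
        if name in nodes and nodes[name].verify(withdrawal, sig)
    }
    return len(valid) >= threshold


def attack_outcome(threshold, revoke_allowlist=False):
    """Simulate an attacker holding all four Sky Mavis validator keys.

    Returns (number of signatures obtained, whether the bridge approves)."""
    nodes = build_validator_set()
    if revoke_allowlist:
        nodes["axiedao-1"].allowlist.clear()
    controlled = sorted(f"skymavis-{i}" for i in range(1, 5))
    withdrawal = "withdraw 173600 ETH to 0xattacker"  # constructed message
    sigs = collect_signatures(nodes, controlled, withdrawal)
    return len(sigs), bridge_approves(nodes, withdrawal, sigs, threshold)


if __name__ == "__main__":
    print("5-of-9, stale allowlist:  ", attack_outcome(5))
    print("5-of-9, allowlist revoked:", attack_outcome(5, revoke_allowlist=True))
    print("8-of-9, stale allowlist:  ", attack_outcome(8))
```

The point the model makes is that the attacker never needed the Axie DAO key itself: the Axie DAO node signed because the request came from an allowlisted Sky Mavis identity. Revoking that allowlist leaves the attacker at 4 signatures, and a 5-of-9 bridge rejects the withdrawal; raising the threshold to 8-of-9 rejects it even with the stale allowlist in place.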