- The Ronin (RON) network has experienced a security breach
- The compromise has resulted in the loss of 173,600 Ethereum and 25.5 million USD Coin (USDC)
- The hack happened on the 23rd of March through the use of private keys to forge fake withdrawals
- The team has halted the Ronin bridge and Katana DEX
- Law enforcement and Chainalysis has been involved in the investigation
The Ronin (RON) Network has experienced a security breach that has resulted in the loss of 173,600 Ethereum (ETH) and 25.5 million in USD Coin (USDC).
There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
How the Ronin Network was Hacked
According to the team at Ronin, the hack was carried out on the 23rd of March through a compromise to the Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes.
Furthermore, the attacker used private keys in order to fake withdrawals. The hack was discovered earlier today after a user filed a report of being unable to withdraw 5,000 Ethereum from the bridge.
The team at the Ronin Network is in the process of conducting a thorough investigation in addition to the following facts already known.
- 5 validator private keys were hacked: four belonging to Sky Mavis validators and one to Axie DAO validator
- The attacker found a backdoor through Ronin’s gas-free RPC node which was then used to get the signature for the Axie DAO validator
- The Sky Mavis system needs 5 out of the nine validator signatures to initiate a withdrawal event
- Ethereum and USDC deposits have been drained from the Ronin bridge contract
Next Steps of Action by the Ronin Network
The team at the Ronin Network has gone on to take the following actions moving forward.
- The team is actively safeguarding against future attacks
- The validator threshold has been increased from five to eight
- Security teams at various crypto exchanges are being contacted to help in freezing or identifying the movement of the funds
- The team at Ronin is in the process of migrating nodes away from the old infrastructure
- The Ronin bridge and Katana DEX have been temporarily disabled
- Binance has also disabled their bridge from/to Ronin
- Chainalysis has been requested to monitor the path of the stolen funds
- The team at Ronin is ‘working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds’