30 March 2022

Axie Infinity's Ronin network hit with $620M cryptocurrency theft


Axie Infinity's Ronin network hit with $620M cryptocurrency theft

Cyber actors hacked the Ronin network used for the Axie Infinity blockchain-based game, stealing more than $620 million in cryptocurrency in what would be the largest ever cryptocurrency heist to date.

The security breach, which took place on March 23, affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.

“We discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions,” the company wrote in a blog post.

The Ronin chain consists of 9 different validator nodes in total and five are needed for any deposit or withdrawal. Four Sky Mavis validators and 1 Axie DAO and a third-party validator run by Axie DAO were compromised in the attack.

“The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge,” the company explained.

Due to the security breach, the Ronin Network halted the Ronin bridge and Katana Dex. The company is now working with law enforcement officials, forensic cryptographers, and investors to make sure all funds are recovered or reimbursed.


Back to the list

Latest Posts

What is Vulnerability Management? A Beginner's Guide

What is Vulnerability Management? A Beginner's Guide

In this article will try to cover basics of vulnerability management process and why it is important to every company.
11 September 2024
Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024