Biggest hack in DeFi history

3 Apr 2022

Hack of blockchain platform Ronin results in record loss of funds

The Ronin Network blockchain linked to the popular play-to-earn “Axie Infinity” game has lost 625 million USD in a hacking attack.

An unknown hacker managed to steal 173,600 ETH (about 600 million USD) and 25.5 million USDC. To date, this is the highest amount of funds stolen in the history of cryptocurrencies.

As it later became known, the security vulnerability was exploited on 23 March. However, the system owners found out about the hack 6 days later, after one of the users complained about the inability to withdraw 5,000 ETH.

The attacker managed to gain control over five of Ronin Network’s nine validators to carry out the attack. Four of them belonged to Sky Mavis and the fifth was Axie DAO. Access to most of the validators gave the hacker the ability to withdraw funds.

According to Sky Mavis, the attack on Ronin may have happened due to partnership interactions between Axie DAO and Sky Mavis. In November 2021, due to a heavy workload, Sky Mavis turned to Axie DAO for help to conduct free transactions. In December of that year, support was no longer needed, but Sky Mavis retained access to the Axie DAO validator. It was this loophole that was subsequently exploited by the hacker.

game characters

Sky Mavis developers have now temporarily suspended the Ronin bridge to prevent further thefts. The company is working with law enforcement agencies and improving security. The previous Sky Mavis validators have been replaced with new ones. In addition, there are plans to increase the number of validators.

Also, the blockchain management represented by the chief operating officer of gaming studio Sky Mavis stated, “We intend to fully reimburse our players. We are working on this on an ongoing basis.”

Sky Mavis and Axie DAO are part of the rapidly evolving Web 3.0 ecosystem, and this dramatic hacking confirms the need for increased security in the Web3 world.

Our security audit of source code and audit of smart contract services are designed to implement protection against cyberattacks in the innovative Web 3 technical space.

For a free expert consultation and for a quote, contact us today.

Other news

14/05/2022
Our work is your success in Web3
10/04/2022
Spring4Shell critical vulnerability