A hacker stole $625 million from the blockchain behind NFT game Axie Infinity
One of the largest ‘decentralized finance’ hacks yet
Roughly $625 million worth of cryptocurrency has been stolen from Ronin, the blockchain underlying popular crypto game Axie Infinity. Ronin and Axie Infinity operator Sky Mavis revealed the breach on Tuesday and froze transactions on the Ronin bridge, which allows depositing and withdrawing funds from the company’s blockchain.
Sky Mavis says it’s working with law enforcement to recover 173,600 Ethereum (currently worth around $600 million) and 25.5 million USDC (a cryptocurrency pegged to the US dollar) from the culprit, who withdrew it from the network on March 23rd. The attack focused on the bridge to Sky Mavis’ Ronin blockchain, an intermediary between Axie Infinity and other cryptocurrency blockchains like Ethereum. Users could deposit Ethereum or USDC to Ronin, then purchase non-fungible token items or in-game currency, or they could sell their in-game assets and withdraw the money.
According to Sky Mavis, an attacker used hacked private security keys to compromise the network nodes that validate transfers to and from the Ronin blockchain. That let the attacker quietly withdraw large quantities of Ethereum and USDC. The transfer was discovered today — nearly a week later — when another user attempted to withdraw 5,000 Ethereum through the bridge.
This article first published at The Verge on March 29, 2022.