The first quarter of 2022 is about to end with one of the largest crypto thefts, as the gaming-focused Ronin bridge, which connects blockchains, has been exploited to the tune of more than USD 600m.
The Ronin Network confirmed that the bridge has been exploited for ETH 173,600 and USDC 25.5m, which is now worth around USD 617m. However, per blockchain analysis firm Elliptic, the total value of the stolen cryptoassets at the time of the theft was USD 540m, which makes it the second-largest crypto theft.
Both the bridge and the Katana decentralized exchange have been halted, they added.
The team behind the network claims that today, they discovered that Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised on March 23. Sky Mavis is the developer of Axie Infinity, the popular blockchain-powered play-to-earn game. The firm also developed Ronin, an Ethereum-linked sidechain made specifically for Axie Infinity.
“The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge,” they said.
The team said they are working with law enforcement officials, forensic cryptographers, “and our investors to make sure all funds are recovered or reimbursed.”
“All of the AXS, RON, and SLP on Ronin are safe right now,” they added.
According to them, their users are now unable to withdraw or deposit funds to Ronin Network.
“Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed,” the team added.
At 18:44 UTC, AXS trades at USD 65 and is down almost 9% in a day, SLP dropped 11% to USD 0.02, while RON crashed 20%, reaching USD 1.84.
Elliptic said that its internal analysis indicates that the exploiter has already begun laundering their proceeds, with funds originating from the attack already reaching at least “three prominent crypto exchanges.” The exploiter is using both centralized and decentralized exchanges, they added.
“At the time of writing, around USD 16 million in ETH has been laundered in this manner, leaving USD 524 million in various Ethereum accounts which appear to belong to the attacker,” the firm said.
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
– Digital Collectibles Marketplace VeVe Loses ‘Large Amount of Gems’ in an Exploit
– ApeCoin Smart Contract Exploited, ‘Well-Prepared Claimer’ Walks Away With USD 380K
– DeFiance Founder’s USD 1.76M Loss is a Lesson For NFT Investors
– Poly Network Hacker Keeps Sending Funds Back, Returns USD 342M
– BlockFi, Swan Bitcoin, Pantera Advise Users How to Stay Safe After Data Got Hacked in Hubspot CRM Raid
– IRA Financial Trust Hack Reportedly Sees USD 36M in Crypto Stolen From Users
– The 4th Largest Crypto Theft Shows DeFi Weakness as Hacker Nets USD 325M in a Wormhole
– What Did We Learn from the MonoX Hack?
(Updated at 19:18 UTC with additional details and comments. Updated on March 30 at 5:39 UTC to correct the stolen amount of USDC, which is USDC 25.5m, not USD 25.5.)