A hacker stole $625 million from the blockchain behind the NFT game Axie Infinity

Nearly $625 million worth of cryptocurrency has been stolen from Ronin, the underlying blockchain of the popular crypto game Axi Infinity. Ronin and Axi Infinity operator Sky Mavis disclosed the breach on Tuesday and halted transactions on the Ronin Bridge, which allows deposits and withdrawals of funds from the company's blockchain.

Sky Mavis says it is working with law enforcement to recover 173,600 Ethereum (currently valued at around $600 million) and 25.5 million USDC (a cryptocurrency pegged to US dollars) from the criminal, which was valued at 23. March was withdrawn from the network. The attack focused on the bridge to Sky Mavis' Ronin blockchain, which is an intermediary between Axi Infinity and other cryptocurrency blockchains such as Ethereum. Users can deposit Ethereum or USDC to Ronin, then buy non-fungible token items or in-game currency, or they can sell their in-game assets and withdraw money.

According to Sky Mavis, an attacker used a hacked private security key to compromise network nodes that validate transfers to and from the Ronin blockchain. This allows attackers to quietly withdraw large amounts of Ethereum and USDC. The transfer was discovered today - almost a week later - when another user attempted to withdraw 5,000 Ethereum via the bridge.

Sky Mavis says that the "Axi" NFT token players must purchase to access Axi Infinity, and neither the SLP nor the AXS in-game cryptocurrencies are used in fighting and breeding Pokemon-like cartoon Axolotl. Is. (Disclosure: Eddie bought three axes last month for a total of $105 to report on the game; the axes are currently selling for about $25.) But the freezing of withdrawals and deposits has effectively left many new players. has stopped. And the hack leaves the fate of other user funds on the Ronin blockchain in question. Sky Mavis says it is working with “law enforcement officials, forensic cryptographers and our investors to ensure there is no loss of user funds,” calling it a “top priority.”

Validator nodes are a feature of proof-of-stake blockchains such as Ronin, which are less energy intensive than proof-of-work systems such as Bitcoin and Ethereum. Nodes review new transactions to confirm that their inputs and outputs match and that the authorization signature is valid, rejecting any transactions that do not conform. Using a smaller number of nodes is faster and more efficient - but as the hack shows, it can pose a security risk if most nodes are compromised. This is a potential vulnerability for a blockchain that is believed to be cheaper and more environmentally friendly than Ethereum.

According to Sky Mavis, the ronin attack was possible partly because the company took it last November to relieve "excessive user load" on its network - months after the game exploded in popularity in the Philippines and other countries where players Can play full-time. depended on it as a job. The system was shut down in December, but the permissions it granted were never revoked. In addition to compromising four of Sky Mavis' own nodes, the attacker exploited them to access one managed by the community-owned Axi DAO. After compromising five of the nine validator nodes, the attacker could effectively override any transaction security and withdraw whatever funds they liked.

Sky Mavis says it will increase the number of nodes required for transactions to eight, and is certain that no more funds can be withdrawn, it will reopen Ronin Bridge "at a later date" . For now, the Ronin breach appears to be the biggest hack of the “decentralized finance” network to date, which came on the heels of $322 million theft from the Bridge Protocol wormhole last month.

"As we have seen, Ronin is not safe from exploitation and this attack reinforces the importance of prioritizing security, being vigilant and minimizing all threats," the company said in its announcement. "We know that trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and procedures to prevent future attacks."