The first quarter of 2022 is about to end with one of the largest crypto thefts, as the gaming-focused Ronin bridge, which connects blockchains, has been exploited to the tune of more than USD 600m.
The Ronin Network confirmed that the bridge has been exploited for ETH 173,600 and USDC 25.5, which is now worth around USD 617m. However, per blockchain analysis firm Elliptic, the total value of the stolen cryptoassets at the time of the theft was USD 540m, which makes it the second-largest crypto theft.
Both the bridge and the Katana decentralized exchange have been halted, they added.
The team behind the network claims that today, they discovered that Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised on March 23. Sky Mavis is the developer of Axie Infinity, the popular blockchain-powered play-to-earn game. The firm also developed Ronin, an Ethereum-linked sidechain made specifically for Axie Infinity.
“The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge,” they said.
The team said they are working with law enforcement officials, forensic cryptographers, “and our investors to make sure all funds are recovered or reimbursed.”
According to them, their users are now unable to withdraw or deposit funds to Ronin Network.
“Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed,” the team added.
At 18:44 UTC, AXS trades at USD 65 and is down almost 9% in a day, SLP dropped 11% to USD 0.02, while RON crashed 20%, reaching USD 1.84.
Elliptic said that its internal analysis indicates that the exploiter has already begun laundering their proceeds, with funds originating from the attack already reaching at least “three prominent crypto exchanges.” The exploiter is using both centralized and decentralized exchanges, they added.
“At the time of writing, around USD 16 million in ETH has been laundered in this manner, leaving USD 524 million in various Ethereum accounts which appear to belong to the attacker,” the firm said.
– ApeCoin Smart Contract Exploited, ‘Well-Prepared Claimer’ Walks Away With USD 380K
– DeFiance Founder’s USD 1.76M Loss is a Lesson For NFT Investors
– Poly Network Hacker Keeps Sending Funds Back, Returns USD 342M
(Updated at 19:18 with additional details and comments.)