▲圖片標題(來源：cointelegraph)

In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million.

The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game:

The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator nodes, which is also the threshold required to approve a transaction. The Ronin chain currently consists of nine validator nodes and the hacker managed to get access to four of them along with a third-party validator run by decentralized autonomous organization (DAO) Axie DAO.

The root cause for the exploit could be traced back to last year when Axie DAO gave access to Sky Mavis to sign off on transactions on its behalf to mitigate user volume. However, this access was never revoked, which eventually led to backdoor access by hackers resulting in the $600 million hacks.

The exploit took place on March 23, only to be discovered nearly a week later after hackers behind the attack used the stolen funds to short Axie Infinity (AXS) and Ronin (RON). The hackers hoped to make more money on their exploit, thinking the news about the biggest crypto hack would eventually bring down the market, however, they got liquidated before the news broke:

The Ronin bridge was closed in the aftermath, with all deposits and withdrawals halted until the investigation was complete and it may take several weeks before the bridge opens for public use again. The developers behind the game have since sought help from various crypto exchanges and crypto analytic group Chainalysis to track the movement of funds and recover them.

Sky Mavis has ruled out technical vulnerabilities as the core cause behind the exploit and blamed it on social engineering. The developers also promised to reimburse and recover the stolen funds:

“This was a social engineering attack combined with human error from December 2021. Sky Mavis tech is solid and we will be adding several new validators to the Ronin Network shortly to further decentralize the network,” said Axie Infinity co-founder and chief operating officer Aleksander Leonard Larsen.

轉貼自： Cointelegraph

若喜歡本文，請關注我們的臉書 Please Like our Facebook Page： Big Data In Finance