What happened in the attack on the Ronin Bridge?

Ronin Network, a crucial bridge chain that powers Axie Infinity, was attacked, resulting in losses of 173,600 Ethereum and 25.5 million USDC, equivalent to more than $600 million. Since the March 23 breach, the stolen funds have flowed to FTX, Huobi and Crypto.com, all of which have vowed to take action to trace the funds.

Binance said it had temporarily suspended withdrawals and deposits on the Ronin network.

Sky Mavis, the company behind Axie Infinity, said it would compensate online participants who lost money during the attack on Ronin’s systems.

Stolen funds largely unmoved

According to the analysis conducted by PeckShield Inc, a blockchain security and data analytics firm, the hacker’s main address “0x098B716B8Aaf21512996dC57EB0615e2383E2f96” contained a negligible amount of ETH. That served as the fee for the attacker’s subsequent transfers to multiple wallets on centralized exchanges.

Later, the attacker transferred the money to several unknown wallets. They used it to send 1,220 ETH to an account on FTX, 3,750 ETH to three Huobi addresses, and 1 ETH to a Crypto.com wallet. However, most of the money is still in the hacker’s main address.

Mistracker’s on-chain analysis revealed that the hacker has been gradually converting USD 25.5 million into ETH since March 23, but it wasn’t until March 28 at 2:38 AM that they started moving the money to different addresses. As of March 30, there was a total of more than 180 ETH in four wallets under the attacker’s control.

To aid the investigation into the incident, Binance has blocked addresses of the potential hacker and suspended all deposits and withdrawals on the Ronin network since March 29. The company also announced that “withdrawals of Wrapped Ether (WETH) on the Ethereum network and the conversion function of WETH to ETH” will be paused.

Aleksander Larsen, the COO of Axie Infinity, tweeted that the “internal network is currently undergoing a thorough forensic assessment to ensure there is no lingering threat.” He also admitted it was a “social engineering attack combined with human error from December 2021” that led to the incident.

Cross-Chain Security Vulnerabilities

As reported yesterday by CryptoPotato, since five of the nine validator nodes on the Ronin Chain are required to initiate a deposit or withdrawal, the culprit may have managed to gain control of Sky Mavis’s four Ronin validators and an external validator run by Axie DAO.

The attacker reportedly accomplished this by locating a backdoor through Ronin’s “gas-free RPC node”, which was used to compromise the Axie DAO validator node. Currently, the validator threshold for withdrawals has been raised to eight out of nine to strengthen network security.
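
The threshold figures above can be checked as an operator-concentration audit. This is an added example, not code from Ronin or from the original article; the validator ids and the four "operator-X" names are constructed, since the article names only Sky Mavis (four validators) and Axie DAO (one).

```python
from collections import Counter

# Constructed validator set: nine validators, four run by Sky Mavis and one by
# Axie DAO as the article states; ids and the other four operators are hypothetical.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}


def quorum_met(signers, threshold, validators=VALIDATORS):
    """True if enough distinct, known validators approved a withdrawal."""
    valid = {s for s in signers if s in validators}  # dedupe, drop unknown ids
    return len(valid) >= threshold


def min_operators_for_quorum(threshold, validators=VALIDATORS):
    """Smallest set of operators whose validators together reach the threshold.

    Greedy is optimal here: taking the operators that run the most validators
    first reaches any signature count in the fewest operators.
    """
    total, taken = 0, []
    for operator, count in Counter(validators.values()).most_common():
        total += count
        taken.append(operator)
        if total >= threshold:
            return taken
    return None  # threshold is larger than the validator set


def audit(thresholds=(5, 8)):
    """Map each threshold to the number of operators that must fail together."""
    return {t: len(min_operators_for_quorum(t)) for t in thresholds}


if __name__ == "__main__":
    for t, n in audit().items():
        print(f"{t}-of-{len(VALIDATORS)}: {n} operator(s) suffice:",
              min_operators_for_quorum(t))
```

With this constructed set, the five-of-nine rule is reached by two operators, which is why the number of independent operators matters as much as the number of validators.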
