The Pokémon-style NFT fighting game Axie Infinity was one of the biggest “success” stories in the world of crypto games. Now it is also responsible for one of the biggest heists in the history of technology. Ronin Network, a blockchain focused on gaming, announced that an exploit or security breach in Axie Infinity allowed a hacker to “drain” approximately $600 million worth of cryptocurrency from the network.
“There has been a security breach in the Ronin Network,” said the company on its Substack. “Earlier today (Tuesday, March 29th), we discovered that on March 23rd, Sky Mavis’s Ronin validation nodes and Axie DAO validation nodes were compromised, resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”
The person responsible allegedly used hacked private keys to order the fraudulent withdrawals. How is that possible, you may be asking? According to Ronin, “the attacker found a backdoor through our gasless RPC node, which they abused to obtain the Axie DAO validator signature.”
Basically, Ronin’s “sidechain” for games like Axie Infinity uses “9 validation nodes” to prevent fraudulent transactions. However, in November 2021, due to overwhelming demand from new players for Axie, Ronin granted special privileges to Sky Mavis, the company behind the game, so that it could sign transactions on its behalf.
Launched in 2018, Axie Infinity has gained popularity in certain corners of the Internet with the rise of NFTs and market speculation around blockchain games and the metaverse. Axie Infinity is part bug-collecting game and part deck-building battle game. The game claims to have had 1.8 million daily users last year, and it surpassed $4 billion in NFT sales in its entire history earlier this year. Now it appears to have paid a price for its rapid growth, lowering security measures to serve new users quickly.
“Axie DAO listed Sky Mavis as allowed to sign various transactions on its behalf,” Ronin reported. “This was discontinued in December 2021, but the allow list access was not revoked. Once the attacker gained access to the Sky Mavis systems, he was able to obtain the signature of the Axie DAO validator by using the RPC.”
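A defensive audit of the condition Ronin describes above, as an added example that is not from the article or from Ronin: it counts how many validator signatures one compromised operator can reach through allow-list entries that were never revoked. The 5-signature threshold, the split of keys between operators, the operator names other than Sky Mavis and Axie DAO, and the exact dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed model. The page states 9 validators; the threshold of 5 and the
# key split used below are assumptions for illustration.
THRESHOLD = 5

@dataclass(frozen=True)
class Delegation:
    grantor: str            # operator whose validator key can be used
    grantee: str            # operator allowed to request signatures
    ended: Optional[date]   # when the arrangement was discontinued, if ever
    revoked: bool           # whether the allow-list entry was actually removed

def reachable_signatures(operator, keys, delegations):
    """Signatures obtainable by whoever controls `operator`'s systems."""
    seen, stack = set(), [operator]
    while stack:
        op = stack.pop()
        if op in seen:
            continue
        seen.add(op)
        # An entry stays usable until revoked, whatever its end date says.
        stack.extend(d.grantor for d in delegations
                     if d.grantee == op and not d.revoked)
    return sum(keys.get(op, 0) for op in seen)

def audit(keys, delegations, today, threshold=THRESHOLD):
    """Flag discontinued-but-unrevoked entries and single points of compromise."""
    findings = []
    for d in delegations:
        if d.ended and d.ended <= today and not d.revoked:
            findings.append(f"stale allow-list entry: {d.grantor} -> {d.grantee}")
    for op in keys:
        n = reachable_signatures(op, keys, delegations)
        if n >= threshold:
            findings.append(f"single point of compromise: {op} reaches {n}/{threshold}")
    return findings

# Constructed sample data: 9 validator keys in total.
KEYS = {"Sky Mavis": 4, "Axie DAO": 1, **{f"operator-{i}": 1 for i in range(1, 5)}}
STALE = [Delegation("Axie DAO", "Sky Mavis", date(2021, 12, 1), revoked=False)]
FIXED = [Delegation("Axie DAO", "Sky Mavis", date(2021, 12, 1), revoked=True)]

if __name__ == "__main__":
    for line in audit(KEYS, STALE, date(2022, 3, 23)):
        print(line)
```

Running the same audit with `FIXED` returns no findings, which is the state the allow list should have been in once the arrangement was discontinued.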
Apparently, Ronin has locked accounts as it continues its investigation into the hack, which means no one can withdraw their funds even as the price of RON, the network’s native token, has crashed more than 25%.
It is strange how cryptocurrency networks, which boast about their security and decentralization, keep getting robbed. Last August, a hacker took more than $600 million from Poly Network, although many of the funds were returned later. In January of this year, hackers removed more than $30 million from Crypto.com in what the company initially called a discreet “incident.” Most of those funds were also returned. It remains to be seen what will happen with this latest massive crypto breach.