Axie infinity’s official Discord and Ronin Network’s official Substack pages reveal that Katana Dex and the Ronin Bridge were halted after suffering exploits for 173,600 Ethereum and 25.5 Million USD Coin ( USC), which are worth $612 million each at Tuesday’s prices. Its developers stated that they are currently working with law enforcement officials and forensic cryptographers to ensure all funds are returned or reimbursed. All AXS, SRON, and SLP tokens on Ronin are currently safe.
Ronin developers claim that the attacker used hacked keys to create fake withdrawals. He then drained the funds from Ronin bridge in two transactions. The hack was discovered Tuesday by Ronin developers. It occurred on Wednesday, March 23, but the issue was only discovered after a user failed to withdraw 5,000 ETH from the Ronin Bridge. RON, Ronin’s primary governance token has dropped nearly 20% to $1.88 at the time of publication.
Sky Mavis’ Ronin Chain currently has nine validator nodes. At least five signatures must be obtained to confirm a withdrawal or deposit. Five private keys were accessed by the attacker, which included Sky Mavis’s Ronin validators as well as a third-party validator, run by Axie Decentralized Autonomous Organization (or DAO). It was particularly time-consuming to gain unauthorized access.
Sky Mavis, who developed the Axie Ronin and Axie Infinity ecosystems, asked for assistance from the Axie DAO to distribute free transactions after a spike in users. Sky Mavis was whitelisted by the Axie DAO to sign transactions on its behalf. The process was stopped in December. Access to the whitelist, however, was not revoked.
After gaining access to Sky Mavis systems, the attackers obtained the final signature of the Axie DAO validator. This completed the node threshold for illicit siphoning funds from Ronin. The attacker still has most of the stolen funds in his wallet at the time of publication.