In one of the biggest crypto heists, hackers stole cryptocurrency worth almost $615 million from blockchain company Ronin systems, the company said in a blog post on Tuesday.
Unidentified hackers stole around 173,600 Ether tokens and 25.5 million USD Coin tokens on March 23, it said. At current exchange rates, the stolen funds are worth about $615 million.
Ronin in its blog post said that the hacker had used stolen private keys and the passwords needed to access crypto funds to make off with the funds. However, “most of the hacked funds are still in the hacker's wallet”, Ronin said in the post.
Huobi will fully support @AxieInfinity as it deals with the aftermath of the attack and theft on its Ronin chain. Any stolen crypto assets that have been discovered to have traversed our exchange and related networks will be dealt with expediently.— Huobi (@HuobiGlobal) March 29, 2022
“We are working directly with various government agencies to ensure the criminals get brought to justice,” said Ronin, adding that it was discussing with Axie Infinity how to ensure no users' funds were lost.
The popular Axie Infinity game, which uses the non-fungible token (NFT) named AXS, is powered by the Ronin blockchain. “We’ve received some questions regarding a recent unlock of AXS tokens from the vesting contract. This was done by Axie Infinity so we could deposit AXS to Ronin Network before pausing the bridge. A part of that AXS will be going to winners in Season 20. We are here to stay,” Axie Infinity tweeted.
Axie Infinity is receiving widespread support on social media. Cryptocurrency exchange Huobi tweeted, “Huobi will fully support @AxieInfinity as it deals with the aftermath of the attack and theft on its Ronin chain. Any stolen crypto assets that have been discovered to have traversed our exchange and related networks will be dealt with expediently.”
"Five validator private keys were hacked; 4 Sky Mavis validators and 1 Axie DAO (decentralised autonomous organisation). The validator key scheme is set up to be decentralized so that it limits an attack vector such as this, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator. This traces back to November 2021 when the Axie DAO validator was allowlisted to distribute free transactions. This was discontinued in December 2021, but the Axie DAO validator IP was still on the allowlist," Ronin Team explained the hacking incident.
"Once the attacker got access to Sky Mavis systems, they were able to get the signature from the Axie DAO validator by using the gas-free RPC," the post described. Ronin was created by Sky Mavis, the developer of Axie Infinity.
At 8:50 am (IST), Axie Infinity was trading at $63.62, down 5.42 per cent in the last 24 hours, according to coinmarketcap.com.