Hackers steal $620M in Ethereum and dollars from Axie Infinity maker Sky Mavis’ Ronin network

Sky Mavis reported that the Ronin Network, which supports its Axie Infinity game, has been hacked. Thieves stole 173,600 ETH (worth $594.6 million) and $25.5 million in U.S. dollars, a total of about $620 million.

If Sky Mavis, the maker of the Axie Infinity blockchain game, can’t recover the funds, that’s a huge hit to its overall treasury and a black eye for blockchain-based security, as the whole point of putting the game on the blockchain — in this case a Layer 2 network dubbed the Ronin Network — is to enable better security.

The Ronin bridge and the Katana DEX, which enable transactions, have been halted. For now, that means players who have funds stored on the network cannot access their money. The stolen funds represent only a portion of the overall holdings of Sky Mavis and its Axie decentralized autonomous organization (DAO).

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now,” said Sky Mavis in a statement.


The company said there was a security breach on the Ronin Network itself. Earlier today, the firm discovered that on March 23, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 ETH (valued at $594.6 million at the moment) and $25.5 million drained from the Ronin bridge in two transactions.

So far, the stolen cryptocurrency hasn’t been transferred from the account that did the attack, the company said.

The validator nodes are external entities that verify the information on the blockchain and compare notes with each other to ensure the blockchain’s information is accurate. Blockchain is (believed to be) a secure and transparent digital ledger, and Ethereum is one of the biggest networks based on the technology. Ethereum is both a blockchain protocol as well as the name of the cryptocurrency based on the protocol.

Sky Mavis uses the blockchain to verify the uniqueness of nonfungible tokens (NFTs), which can uniquely authenticate digital items such as the Axie creatures used in the Axie Infinity game. NFTs exploded in popularity last year and enabled Sky Mavis to raise $152 million at a $3 billion valuation in October. But blockchain games are also a flashpoint in the industry now, as critics say they are full of Ponzi schemes, rug pulls, and other kinds of anti-consumer scams.

Ethereum has its drawbacks, as transactions on it are slow and consume a lot of energy, as it taps a lot of computers worldwide to do the verification work. To alleviate that, companies like Sky Mavis have created Layer 2 solutions such as the Ronin Network. That network can execute transactions far more quickly, inexpensively, and with smaller environmental impacts than doing transactions on Ethereum itself.

But this off-chain processing comes at a risk, as Sky Mavis has just learned. Sky Mavis set up a network of computing nodes to validate transactions on its Ronin Network, but if hackers can gain 51% control of that network, then they can create fake transactions and steal funds stored on the network.

Sky Mavis said that the attacker used hacked private keys in order to forge fake withdrawals. Sky Mavis said it discovered the attack this morning after a report from a user who was unable to withdraw 5,000 ETH from the bridge.

Details about the attack

Axie Infinity lets you convert game rewards to real money.

Sky Mavis’ Ronin chain currently consists of nine validator nodes. In order to recognize a deposit event or a withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO.

The validator key scheme is set up to be decentralized so that it limits attack vectors like this one, but the attacker found a backdoor through Sky Mavis’ gas-free RPC node, which the attacker used to get the signature for the Axie DAO validator.

This traces back to November 2021, when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allow-listed Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allow-list access was not revoked.


“Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC,” Sky Mavis said.

“We have confirmed that the signatures in the malicious withdrawals match up with the five suspected validators,” said Sky Mavis.

Actions taken

Axie Infinity has two million daily users.

Sky Mavis said it moved swiftly to address the incident once it became known and is actively taking steps to guard against future attacks. To prevent further short-term damage, the company has increased the validator threshold from five to eight.

“We are in touch with security teams at major exchanges and will be reaching out to all in the coming days,” the company said. “We are in the process of migrating our nodes, which is completely separated from our old infrastructure.”

The company has also temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled its bridge to and from Ronin to err on the side of caution. The bridge will be reopened at a later date, once the company is certain no more funds can be drained.

Sky Mavis has also temporarily disabled the Katana DEX, since it is no longer possible to arbitrage or deposit more funds to the Ronin Network. And it is working with Chainalysis to monitor the stolen funds, as transactions on the blockchain can be tracked.

Next steps

Axie Infinity has generated $2 billion in sales and resales.

The company said it is working directly with various government agencies to ensure the criminals get brought to justice.

“We are in the process of discussing with Axie Infinity / Sky Mavis stakeholders about how to best move forward and ensure no users’ funds are lost,” the company said.

Originally, Sky Mavis chose the five out of nine threshold for validators as some nodes didn’t catch up with the chain, or were stuck in syncing state. Moving forward, the threshold will be eight out of nine. The company will be expanding the validator set over time, on an expedited timeline.
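The two numbers the article turns on are the signing threshold (five of nine, now eight of nine) and how many of those nine signatures a single compromised operator could produce once a stale allow-list entry is counted. The toy model below is an added example and is not Sky Mavis or Ronin code. It assumes four Sky Mavis validators, one Axie DAO validator that allow-lists Sky Mavis, and four other validators with placeholder names (the article only says there are nine in total); HMAC-SHA256 stands in for the real ECDSA signatures so the model runs offline. It shows that with the allow-list left in place, one operator reaches exactly five signatures, that the bridge-side check must count distinct validators rather than raw signatures, and what the smallest threshold is that no single operator can meet alone.

```python
"""Toy model of a threshold-signature bridge and its single-operator exposure.

Added example, not Sky Mavis/Ronin code. Validator names, operators, the
allow-list relationship and the four "other" validators are assumptions drawn
from the article's description; keys are constructed and insecure.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Validator:
    name: str
    operator: str          # party that holds this validator's signing key
    key: bytes             # constructed stand-in for the real private key
    allow_list: frozenset  # operators permitted to request signatures via this validator's RPC


def constructed_key(name: str) -> bytes:
    # Deterministic test key only; a real validator uses a randomly generated ECDSA key.
    return hashlib.sha256(f"toy-key-{name}".encode()).digest()


def sign(validator: Validator, message: bytes) -> bytes:
    # HMAC stands in for an ECDSA signature over the withdrawal event.
    return hmac.new(validator.key, message, hashlib.sha256).digest()


def verify_withdrawal(message, signatures, validators, threshold):
    """Bridge-side check: count DISTINCT validators whose signature verifies.

    `signatures` is a list of (validator_name, sig). Repeated signatures from one
    validator count once, and signatures from unknown signers are ignored.
    """
    by_name = {v.name: v for v in validators}
    valid = set()
    for name, sig in signatures:
        v = by_name.get(name)
        if v is not None and hmac.compare_digest(sign(v, message), sig):
            valid.add(name)
    return len(valid) >= threshold


def signatures_reachable_by(operator, validators):
    """Validators whose signature a party controlling `operator`'s systems can obtain:
    its own validators plus every validator that still allow-lists it."""
    return {v.name for v in validators
            if v.operator == operator or operator in v.allow_list}


def minimum_safe_threshold(validators):
    """Smallest threshold that no single compromised operator can reach on its own."""
    operators = {v.operator for v in validators}
    return max(len(signatures_reachable_by(op, validators)) for op in operators) + 1


def ronin_like_validator_set(dao_allow_lists_sky_mavis: bool):
    """Nine validators: four Sky Mavis, one Axie DAO, four assumed placeholders."""
    vals = [Validator(f"skymavis-{i}", "sky-mavis", constructed_key(f"skymavis-{i}"), frozenset())
            for i in range(1, 5)]
    dao_allow = frozenset({"sky-mavis"}) if dao_allow_lists_sky_mavis else frozenset()
    vals.append(Validator("axie-dao", "axie-dao", constructed_key("axie-dao"), dao_allow))
    vals += [Validator(f"other-{i}", f"other-{i}", constructed_key(f"other-{i}"), frozenset())
             for i in range(1, 5)]
    return vals


def single_operator_can_forge(threshold, dao_allow_lists_sky_mavis):
    """Does compromising Sky Mavis's own infrastructure meet the bridge threshold?"""
    vals = ronin_like_validator_set(dao_allow_lists_sky_mavis)
    by_name = {v.name: v for v in vals}
    message = b"constructed withdrawal event"
    reachable = signatures_reachable_by("sky-mavis", vals)
    sigs = [(n, sign(by_name[n], message)) for n in sorted(reachable)]
    return verify_withdrawal(message, sigs, vals, threshold)


if __name__ == "__main__":
    for threshold, stale in [(5, True), (5, False), (8, True), (8, False)]:
        print(f"threshold {threshold}/9, stale allow-list={stale}: "
              f"forgeable by one operator={single_operator_can_forge(threshold, stale)}")
    print("minimum safe threshold with stale allow-list:",
          minimum_safe_threshold(ronin_like_validator_set(True)))
```

The design lesson the model makes concrete: the threshold must exceed the largest set of signatures any one party can reach, and delegated access such as an allow-list entry belongs in that count for as long as it exists, not only for as long as it is in use.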

Most of the hacked funds are still in the hacker’s wallet:

https://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96


Sky Mavis is figuring out exactly how this happened.

“As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats. We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks,” Sky Mavis said.

The company said that the ETH and USDC deposits on Ronin have been drained from the bridge contract. Sky Mavis said it is working with law enforcement officials, forensic cryptographers, and its investors to make sure there is no loss of user funds. All of the AXS, RON, and SLP on Ronin are safe right now, the company said.

“As of right now users are unable to withdraw or deposit funds to Ronin Network. Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed,” the company said.

GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it.