DeFi’s Biggest Hack Yet – Ronin Bridge Exploited for Over $600 Million in ETH and USDC
Welcome back to the Tribe! In this post we dive into one of the biggest hacks in the DeFi space yet: the Ronin Bridge exploit.
Nothing should be considered investment or financial advice. Enjoy the ride!
Ronin Bridge Exploited
Six days after the initial attack, the Ronin Network team has revealed that the sidechain was exploited by an unknown hacker. The postmortem audit discovered that 173,600 ETH and 25.5 million USDC were stolen from the Ronin bridge in two transactions.
Ronin’s team has halted the bridge and limited access to the Katana dex until the matter is resolved. The project leads have also contacted relevant law enforcement authorities and alerted exchanges.
One of the Biggest Hacks in DeFi History
According to a statement released on Tuesday (March 29, 2022), a hacker attacked the bridge protocol on Ronin’s Network and stole a considerable amount of digital assets. A total of 173,600 ETH and 25.5 million USDC were reportedly drained from the Ronin bridge.
At current market prices, the exploit is worth approximately $615,200,104. The staggering haul could crown the attack as the biggest in decentralized finance (DeFi) history so far. A majority of the stolen funds remain in the hacker’s wallet.
Ronin is credited as the blockchain system currently powering the popular non-fungible token (NFT) game Axie Infinity. Ronin also functions as a sidechain that leverages the Ethereum network.
How was Ronin Hacked?
The report explained that the unknown hacker exploited the protocol by using stolen private validator keys. Sky Mavis’ Ronin network operates with nine validator nodes and requires at least five of these validators to confirm any deposit or withdrawal action.
According to the details, the hacker gained control of four such validator nodes. Also, a third-party validator operated by the Axie DAO was compromised, giving the hacker the five signatures needed to forge events on the blockchain.
Using the keys, the attacker triggered two withdrawal actions. Although the incident took place on March 23, it remained unknown to the Ronin team till March 29 when a user lodged a complaint regarding the ETH withdrawal function.
Ronin’s Action Plan Post-hack
The statement released on Tuesday details the steps Ronin has taken to mitigate the effects of the exploit. Ronin said that:
- We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks. To prevent further short-term damage, we have increased the validator threshold from five to eight.
- We are in touch with security teams at major exchanges and will be reaching out to all in the coming days.
- We are in the process of migrating our nodes, which are completely separated from our old infrastructure.
- We have temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin to err on the side of caution. The bridge will be opened up at a later date once we are certain no funds can be drained.
- We have temporarily disabled Katana DEX due to the inability to arbitrage and deposit more funds to Ronin Network.
- We are working with Chainalysis to monitor the stolen funds.
Furthermore, Ronin confirmed that all funds in AXS, RON, and SLP are safe. The team said they will continue to find a resolution and ensure that affected users are settled.
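The five-of-nine validator quorum described above, and the move to a threshold of eight, can be modelled to show how key concentration affects the number of independent operators that must fail before a withdrawal can be approved. This is an added example, not Ronin's code: the validator IDs, the operator names other than the Axie DAO, and the grouping of four keys under one operator are assumptions made for illustration.

```python
# Constructed validator set: nine validators as stated in the article.
# Assumption: the four validators taken over together sit under one operator
# ("operator-A"); "operator-B".."operator-E" are hypothetical placeholders.
VALIDATORS = {
    "v1": "operator-A", "v2": "operator-A", "v3": "operator-A", "v4": "operator-A",
    "v5": "axie-dao",
    "v6": "operator-B", "v7": "operator-C", "v8": "operator-D", "v9": "operator-E",
}


def quorum_met(signers, threshold, validators=VALIDATORS):
    """Return True if at least `threshold` distinct known validators signed."""
    # Deduplicate and drop unknown signer IDs so repeats cannot inflate the count.
    distinct = {s for s in signers if s in validators}
    return len(distinct) >= threshold


def min_operators_to_forge(threshold, validators=VALIDATORS):
    """Smallest number of operators whose combined keys reach `threshold`.

    This is the figure a design review cares about: the threshold counts keys,
    but the security boundary is the number of independent organisations.
    """
    keys_per_operator = {}
    for operator in validators.values():
        keys_per_operator[operator] = keys_per_operator.get(operator, 0) + 1
    total = 0
    # Taking the largest key holders first gives the minimum operator count.
    for n, count in enumerate(sorted(keys_per_operator.values(), reverse=True), 1):
        total += count
        if total >= threshold:
            return n
    return None  # threshold is higher than the number of validators


if __name__ == "__main__":
    compromised = ["v1", "v2", "v3", "v4", "v5"]  # the five keys in the article
    for threshold in (5, 8):
        print(
            f"threshold={threshold}: "
            f"five compromised keys pass={quorum_met(compromised, threshold)}, "
            f"operators needed={min_operators_to_forge(threshold)}"
        )
```

Under these assumptions a threshold of five is reachable through two operators, while a threshold of eight requires five, which is the property to check whenever validator keys are assigned.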
Other News – UK FCA’s Deadline
The temporary registration regime set by the UK’s Financial Conduct Authority (FCA) is set to end by March unless extended. With three days left, many crypto firms that have been removed from the register or remain in the register without full approval are at risk of being shut down, a decision that has led most of them to consider moving operations abroad.
Thanks for reading our post on the Ronin Bridge exploit.
Make sure to follow our Twitter to stay up-to-date on all things crypto!