Ronin bridge suffers $600m loss №1 case on the Rekt Database

Ronin Network, an Ethereum sidechain that was created specifically for the needs of the blockchain game Axie Infinity suffered an approximate $615,500,000 loss due to the hack.

There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP

— Ronin (@Ronin_Network) March 29, 2022

The story tells that the case has a root-associated Sky Mavis. Sky Mavis is the developer of the Axie Infinity game and one of the major node validators of the Ronin chain, which owns 4/9 nodes: https://explorer.roninchain.com/validators

Sky Mavis sought assistance from the Axie DAO in November 2021 to distribute free transactions owing to a massive user load. Sky Mavis was authorized by the Axie DAO to sign numerous transactions on its behalf. This was ended in December 2021, although access to the allowlist was not removed.

On March 29th, the Sky Mavis team detected the security weakness after receiving a tip that a user was unable to withdraw $5,000 ETH from the bridge.

Later this day, after gaining access to Sky Mavis systems, the attacker was able to get the signature from the Axie DAO validator utilizing the gas-free RPC. In order to fabricate false withdrawals, the attacker exploited compromised private keys. As a result, Sky Mavis’ Ronin validator nodes and Axie DAO validator nodes were hacked, leading to 173,600 Ethereum and 25.5 million USDC being siphoned from the Ronin bridge in the following transactions:
https://etherscan.io/tx/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7

https://etherscan.io/tx/0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08

In addition, the fact should be pointed out, that actually the hack was started 6 days before the Ronin team found the flaw, when the hacker had already withdrawn 8,500 ETH. Transactions, which were related to the hacker’s addresses:
https://etherscan.io/address/0xe708f17240732bbfa1baa8513f66b665fbc7ce10#internaltx

https://etherscan.io/address/0x665660f65e94454a64b96693a67a41d440155617#internaltx

“The Ronin bridge and Katana Dex have been halted” — the team stated.

After the incident, the hacker started to transfer funds to many external wallets. Several final recipients started to withdraw funds to the centralized exchanges’ hot wallets:
1.https://etherscan.io/address/0x036587e77eabe6a7e181886a5a6ed10dc25654f9

2.https://etherscan.io/address/0x82906886796d110b7ec4c54f6611fb29128699dd

3.https://etherscan.io/address/0xbc771fb7b6a8876d09fd2e3e2f17fbc91896d8c8

What is interesting, is that the first address deposited received 1,219.96 ETH on the FTX exchange, the second one transferred out ~1 ETH on Crypto.com, while the third one withdrew 3,750 ETH on Huobi in several txns (1,2,3):

Imagine stealing 600 million 6 days ago and depositing money on @FTX_Officialhttps://t.co/nYWYC1jJ1J pic.twitter.com/YGzr7uyk5Q

— Igor Igamberdiev (@FrankResearcher) March 29, 2022

Sam Bankman-Fried, CEO of the FTX exchange, replied that he is already acknowledged this incident and they are in the process of investigation:

Imagine stealing 600 million 6 days ago and depositing money on @FTX_Officialhttps://t.co/nYWYC1jJ1J pic.twitter.com/YGzr7uyk5Q

— Igor Igamberdiev (@FrankResearcher) March 29, 2022

Huobi exchange is officially involved in the investigation as well:

Huobi will fully support @AxieInfinity as it deals with the aftermath of the attack and theft on its Ronin chain. Any stolen crypto assets that have been discovered to have traversed our exchange and related networks will be dealt with expediently.

— Huobi (@HuobiGlobal) March 29, 2022

Binance team has also joined, as the hacker was initially funded from Binance hot wallet:

Our team is in touch with AxieInfinity team providing assistance in tracking this issue. https://t.co/pNU4wwrCAq

— CZ 🔶 Binance (@cz_binance) March 29, 2022

№1 on the Rekt Database

Ronin hacking incident moved Poly Network and Wormhole cases to 2nd and 3rd places respectively. Bridges are increasingly being hacked because they are an appetizing target to attack, operating large sums of funds every day.

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.” — the Ronin team said.

To stay safe and avoid being a victim of incidents like these crypto scams, be sure to use the De.Fi Audit/Rekt databases to do your research on the scam or attack history of certain protocols you’re interested in investing in. Also, be sure to use our scanner and other security tools to scan the security and safety profile of every DeFi project you’re engaged with or looking at. Enjoy and be safe DeFi friends.

As always, stay safe and DYOR!

Check other rekt cases at De.Fi Rekt Database
For more De.Fi updates you can visit us at:

🌐 Website | 📱 Telegram | 🐦Twitter

Check our Rekt stories:
$1.7 million lost: DeFiance Capital founder Arthur Cheong became a victim of the hack
Arthur, a founder of DeFiance Capital — a leading Web3 crypto venture fund that is focused on DeFi and Blockchain…blog.de.fi…
Over $20m lost in early March: DeFi Rekt Stories
$20M Lost??? 13 REKT cases investigated: Early March recap!blog.de.fi
376M Lost in February: REKT Investigation
At the end of this month, our specialists counted a whopping 22 Rekt cases with a total amount loss of more than…blog.de.fi
Wormhole exploit: the second-largest DeFi hack ever
2nd place on the Rekt Databaseblog.de.fi
Report: $2.4B+ Lost in DeFi Exploits and Scams in 2021
Introductionblog.de.fi
Top Crypto Scams and Exploits of January 2022
These days a number of people have found themselves falling victim to scams, hacks and pretty much learning that REKT…blog.de.fi