
Ronin bridge suffers $600m loss: №1 case on the Rekt Database


Ronin Network, an Ethereum sidechain that was created specifically for the needs of the blockchain game Axie Infinity, suffered an approximate $615,500,000 loss due to the hack.


The root of the case is associated with Sky Mavis. Sky Mavis is the developer of the Axie Infinity game and one of the major node validators of the Ronin chain, owning 4 of its 9 validator nodes: https://explorer.roninchain.com/validators

Sky Mavis sought assistance from the Axie DAO in November 2021 to distribute free transactions owing to a massive user load. The Axie DAO authorized Sky Mavis to sign numerous transactions on its behalf. This arrangement ended in December 2021, but the allowlist access was not removed.

On March 29th, the Sky Mavis team detected the security weakness after receiving a tip that a user was unable to withdraw $5,000 ETH from the bridge.

Later that day, after gaining access to Sky Mavis systems, the attacker was able to get the signature from the Axie DAO validator by using the gas-free RPC. To fabricate false withdrawals, the attacker used compromised private keys. As a result, Sky Mavis’ Ronin validator nodes and Axie DAO validator nodes were hacked, leading to 173,600 Ethereum and 25.5 million USDC being siphoned from the Ronin bridge in the following transactions:
https://etherscan.io/tx/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7

https://etherscan.io/tx/0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08
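The signer arrangement described above can be audited mechanically. The following Python sketch is an added example, not code from Sky Mavis or De.Fi: it counts how many validators each operator can cause to sign once unrevoked delegations are included, and flags delegations that outlived their agreement. The 5-of-9 threshold is not stated on this page and is an assumption here; validator names, the other operators, and the dates are constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Delegation:
    validator: str       # validator whose signature can be requested
    grantee: str         # operator allowed to request it
    agreement_end: date  # when the arrangement was meant to stop
    revoked: bool        # True only once the allowlist entry is removed

def effective_control(validators, delegations):
    """Map each operator to the validators it can cause to sign."""
    control = {}
    for name, operator in validators.items():
        control.setdefault(operator, set()).add(name)
    for d in delegations:
        if not d.revoked:  # access lasts until revoked, whatever was agreed
            control.setdefault(d.grantee, set()).add(d.validator)
    return control

def audit(validators, delegations, threshold, today):
    """Flag expired-but-live delegations and operators that can reach quorum."""
    findings = []
    for d in delegations:
        if not d.revoked and d.agreement_end <= today:
            findings.append(("stale_delegation", d.grantee, d.validator))
    control = effective_control(validators, delegations)
    for operator in sorted(control):
        if len(control[operator]) >= threshold:
            findings.append(("quorum_reachable", operator, len(control[operator])))
    return findings

# Constructed validator set: 4 of 9 run by Sky Mavis, 1 by the Axie DAO.
# The remaining operator names are placeholders.
VALIDATORS = {f"sky-mavis-{i}": "Sky Mavis" for i in range(1, 5)}
VALIDATORS["axie-dao-1"] = "Axie DAO"
VALIDATORS.update({f"other-{i}": f"operator-{i}" for i in range(1, 5)})

THRESHOLD = 5  # assumption: 5-of-9 signatures approve a withdrawal
AUDIT_DATE = date(2022, 1, 15)  # constructed audit date

def sample_delegations(revoked):
    # Agreement ended December 2021; the exact day is a constructed value.
    return [Delegation("axie-dao-1", "Sky Mavis", date(2021, 12, 31), revoked)]

if __name__ == "__main__":
    for finding in audit(VALIDATORS, sample_delegations(False), THRESHOLD, AUDIT_DATE):
        print(finding)
```

With the delegation left in place the audit reports both findings; with it revoked, Sky Mavis stays at 4 signers and nothing is flagged.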

It should also be pointed out that the hack actually started 6 days before the Ronin team found the flaw, when the hacker had already withdrawn 8,500 ETH. Transactions related to the hacker’s addresses:
https://etherscan.io/address/0xe708f17240732bbfa1baa8513f66b665fbc7ce10#internaltx

https://etherscan.io/address/0x665660f65e94454a64b96693a67a41d440155617#internaltx

“The Ronin bridge and Katana Dex have been halted” — the team stated.

After the incident, the hacker started to transfer funds to many external wallets. Several final recipients started to withdraw funds to the centralized exchanges’ hot wallets:
1. https://etherscan.io/address/0x036587e77eabe6a7e181886a5a6ed10dc25654f9
2. https://etherscan.io/address/0x82906886796d110b7ec4c54f6611fb29128699dd
3. https://etherscan.io/address/0xbc771fb7b6a8876d09fd2e3e2f17fbc91896d8c8

Interestingly, the first address deposited 1,219.96 ETH on the FTX exchange, the second one transferred out ~1 ETH on Crypto.com, while the third one withdrew 3,750 ETH on Huobi in several txns (1, 2, 3).


Sam Bankman-Fried, CEO of the FTX exchange, replied that he has already acknowledged this incident and that they are in the process of investigating.


The Huobi exchange is officially involved in the investigation as well.


The Binance team has also joined, as the hacker was initially funded from a Binance hot wallet.

№1 on the Rekt Database

The Ronin hacking incident moved the Poly Network and Wormhole cases to 2nd and 3rd places respectively. Bridges are increasingly being hacked because they are an attractive target, handling large sums of funds every day.

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.” — the Ronin team said.

To stay safe and avoid being a victim of incidents like these crypto scams, be sure to use the De.Fi Audit/Rekt databases to do your research on the scam or attack history of certain protocols you’re interested in investing in. Also, be sure to use our scanner and other security tools to scan the security and safety profile of every DeFi project you’re engaged with or looking at. Enjoy and be safe DeFi friends.

As always, stay safe and DYOR!
