Axie Infinity Ronin Network Hack | North Korea Lazarus Group Tagged as Hackers
Update April 15, 2022: The FBI said North Korean hacking group Lazarus is behind the attack on the Ronin Network. The US Treasury Department has sanctioned the addresses that received the stolen funds. Sky Mavis said it is still in the process of adding more security measures and expects the Bridge to be redeployed by the end of April.
Update April 14: Sky Mavis is offering a $1M bug bounty for the public to help find vulnerabilities in the Ronin Network.
Update April 7: Sky Mavis announces the release of Axie Infinity: Origin, version 3 of the game.
Update April 6: Sky Mavis raised $150M from Binance and other investors to reimburse victims of the hack. The company also announced the 5 new validators for Ronin.
Update April 2: The BSP warned the public of risks associated with “GameFi.”
Update March 31, 2022: Lorne Lantz of tracking tool Breadcrumbs wrote an article for BitPinas about how the stolen funds move and what the hacker did to exploit the Ronin Network: Tracking the Stolen Funds from Ronin Network Using Breadcrumbs
Following the Axie Infinity hack last night, Twitter user @maxbrand99 shared that he has traced where the stolen funds were transferred. Using the application Breadcrumbs, he found that the stolen funds were transferred into crypto wallets on Crypto.com, Huobi, FTX, and Binance.
He also mentioned the crypto wallets and noted that he hopes “that one of them will be able to help find the person that did this.”
“We are working directly with various government agencies to ensure the criminals get brought to justice,” –Sky Mavis
The operations of Axie Infinity’s sidechain Ronin bridge and decentralized exchange Katana were halted late at night on March 29 after suffering an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), which are worth a combined $625 million.
In a statement, Sky Mavis developers said that they are “currently working with law enforcement officials, forensic cryptographers and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON and SLP (tokens) on Ronin are safe right now.”
The attack focused on the bridge to Sky Mavis’ Ronin blockchain, an intermediary between Axie Infinity and other cryptocurrency blockchains like Ethereum. According to Sky Mavis, an attacker “used hacked private keys in order to forge fake withdrawals.”
Sky Mavis further explained that while the Ronin sidechain has nine validators requiring five signatures for withdrawals and is meant to protect against these types of attacks, “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
Through the backdoor, the hacker was able to compromise the network nodes, which let the attacker quietly withdraw large quantities of Ethereum and USDC across two transactions, as seen on Etherscan.
The hack occurred on March 23 but the transfer was discovered only last night — nearly a week later — when another user attempted to withdraw 5,000 Ethereum through the bridge.
Following this incident, Sky Mavis guarantees that it will increase the number of nodes required for transactions to eight to prevent another hack. They also said that they will reopen the Ronin bridge “at a later date” once it’s certain no more funds can be drained.
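A 5-of-9 signature threshold like the one described above only protects a bridge if the signing keys are compromised independently of one another. The added example below (not Sky Mavis code and not part of the original article) computes how few parties an intruder must compromise to reach a given threshold. The custody map, the delegation entry and the function names are constructed assumptions for illustration.

```python
from itertools import combinations

# Constructed custody map (an assumption, not from the article):
# validator key -> the party that holds it.
CUSTODY = {
    "v1": "operator", "v2": "operator", "v3": "operator", "v4": "operator",
    "v5": "dao",
    "v6": "partner_a", "v7": "partner_b", "v8": "partner_c", "v9": "partner_d",
}

# Constructed delegation: a party that can obtain signatures from a validator
# it does not hold, e.g. through an allowlist on a signing service.
DELEGATION = {"operator": {"v5"}}


def reachable_keys(parties, custody, delegation):
    """Validator keys an intruder can sign with after compromising `parties`."""
    keys = {v for v, holder in custody.items() if holder in parties}
    for p in parties:
        keys |= delegation.get(p, set())
    return keys


def min_parties_for_quorum(threshold, custody, delegation=None):
    """Smallest number of parties whose compromise yields `threshold` signatures.

    Returns (count, parties), or (None, ()) if the threshold is unreachable.
    """
    delegation = delegation or {}
    all_parties = sorted(set(custody.values()))
    for size in range(1, len(all_parties) + 1):
        for combo in combinations(all_parties, size):
            if len(reachable_keys(set(combo), custody, delegation)) >= threshold:
                return size, combo
    return None, ()


if __name__ == "__main__":
    for threshold in (5, 8):
        for label, deleg in (("with delegation", DELEGATION), ("no delegation", {})):
            n, who = min_parties_for_quorum(threshold, CUSTODY, deleg)
            print(f"{threshold}-of-{len(CUSTODY)} {label}: {n} part(ies) -> {who}")
```

Under these assumptions a nominal 5-of-9 scheme can collapse to a single point of failure, so a threshold review should count independent key custodians and signing delegations, not just keys.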
On the other hand, the developers assured that the Axies, the non-fungible token pets of the game, haven’t been compromised, nor have the Smooth Love Potion (SLP) and Axie Infinity Shards (AXS), Axie Infinity’s in-game cryptocurrencies.
This article is published on BitPinas: Axie Infinity Ronin Network Hack | Money Has Been Transferred to Binance, FTX, Crypto.com