Are A Fake Job Offer And A .Pdf Responsible For The Axie Infinity/ Ronin Hack?

The latest report on the Axie Infinity/ Ronin bridge hack is too good to be true, especially considering the FBI claims a North Korea-sponsored hacking group is responsible for it. “A senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist,” The Block reports. That’s not all: apparently, the hackers’ spyware got into the system through a simple .pdf file. It is unbelievable that a $622M hack started that way.

The Ronin Network is an Ethereum sidechain that exclusively serves Axie Infinity. Both a billion-dollar business and a fun app with a thriving internal economy and an international audience, the play-to-earn game was one of the bull market’s biggest success stories. Sky Mavis is the studio behind Axie Infinity. And one of its programmers apparently fell victim to the simplest social engineering trick in the book.

Is North Korea To Blame?

According to surveillance firm Chainalysis, North Korea-sponsored hackers stole over $400M in 2021 alone. And according to the FBI, they’re responsible for the Axie Infinity/ Ronin hack. The alphabet agency traced the funds to wallets associated with North Korean hacking group Lazarus. Does The Block’s article complete or negate this version of the story? It’s hard to see North Koreans pulling a stunt quite like this.

In any case, at the time the FBI was extremely clear in a statement quoted here: 

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th.”

If true, they broke their 2021 record with just one operation.  

How Did The Axie Infinity/ Ronin Hack Happen?

The hack’s supposed story is hilarious, to say the least. According to The Block: 

“Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter.”

After several rounds of interviews, one of Sky Mavis’ developers got an extremely generous offer. He opened up Pandora’s box and all hell broke loose.

“The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.”

To complete the attack, they took control of another entity. Once upon a time, “the Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf.” The permissions were still valid and the hackers took advantage of them. The Ronin bridge’s operators’ post-mortem on the attack describes the fallout.

“The attacker managed to get control over five of the nine validator private keys — 4 Sky Mavis validators and 1 Axie DAO — in order to forge fake withdrawals. This resulted in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”

Did Lazarus’ operators orchestrate such a Hollywoodesque attack? Or does the comedic modus operandi implicate other perpetrators?
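The five-of-nine compromise described above comes down to threshold arithmetic, shown here as an added example (not code from Sky Mavis or from the original article): it checks whether compromising a single operator, including any signing permissions delegated to it, is enough to reach the signing threshold. The operator names other than Sky Mavis and Axie DAO, and the way delegations are modelled, are assumptions.

```python
from collections import defaultdict

# Constructed sample modelled on the figures quoted above: nine validators,
# five signatures needed, four keys run by Sky Mavis, one by Axie DAO.
# "Operator C" to "Operator F" are placeholder names.
THRESHOLD = 5
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO", "v6": "Operator C", "v7": "Operator D",
    "v8": "Operator E", "v9": "Operator F",
}
# (grantor, grantee): the grantee may sign on the grantor's behalf.
DELEGATIONS = [("Axie DAO", "Sky Mavis")]


def effective_control(validators, delegations):
    """Map each operator to the validator keys one compromise of it would yield."""
    reach = defaultdict(set)
    for key, operator in validators.items():
        reach[operator].add(key)
    changed = True
    while changed:  # follow delegation chains until nothing new is reachable
        changed = False
        for grantor, grantee in delegations:
            before = len(reach[grantee])
            reach[grantee] |= reach[grantor]
            changed |= len(reach[grantee]) != before
    return dict(reach)


def audit(validators, delegations, threshold):
    """Return operators whose compromise alone meets the signing threshold."""
    reach = effective_control(validators, delegations)
    return sorted(op for op, keys in reach.items() if len(keys) >= threshold)


if __name__ == "__main__":
    print("With stale delegation:", audit(VALIDATORS, DELEGATIONS, THRESHOLD))
    print("Delegation revoked:   ", audit(VALIDATORS, [], THRESHOLD))
```

With the delegation in place a single operator reaches the threshold; with it revoked, no single operator does.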

AXS price chart on FTX | Source: AXS/USD on TradingView.com

Previous Coverage Of The Axie Infinity/ Ronin Hack

Let’s turn to archival material to complete the story and add extra detail. After the breach happened, NewsBTC reported on Axie Infinity and Sky Mavis’ first solution to the problem:

“The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain.

Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. The Sky Mavis Bug Bounty program is here. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.”

And then, when operators reopened the new and improved Ronin bridge, our sister site Bitcoinist reviewed its characteristics:

“In addition to the two independent audits on its smart contracts, the Ronin Bridge’s new design has implemented a new “circuit-breaker” feature. This was directly added to prevent a bad actor from replicating the previous attack or exploiting any potential new attack vector.”

So, the Ronin bridge seems to be safe to use at the moment. It also seemed to be safe to use before the hack, though. Do your own research and be safe out there.


The Ronin Hack Aftermath: Axie Infinity’s $1M Bug Bounty

The popular blockchain game Axie Infinity has been left shaking after the $650 million Ronin bridge hack. The studio behind the game, Sky Mavis, has been taking multiple measures to try to secure the network and win back the confidence of users. The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain.

Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. The Sky Mavis Bug Bounty program is here. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.”

The Ronin Hack

On March 23rd, a hacker was able to scoop $600 million from the Ronin bridge. It is the largest hack in the history of decentralized finance so far. The Ronin Network team confirmed that Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised as the attacker used “hacked private keys in order to forge fake withdrawals.”

The attack was uncovered after the attacker was unable to withdraw 5k ETH from the bridge. But it was too late, as they had already drained 173,600 Ethereum and 25.5M USDC from the Ronin bridge in two transactions.

The Ronin team stated that they are working with law enforcement officials, forensic cryptographers, and investors “to make sure all funds are recovered or reimbursed,” and added that “All of the AXS, RON, and SLP on Ronin are safe right now.”

“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack. It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”

In response, the Sky Mavis team raised $150 million in a round led by crypto exchange Binance, with participation from Animoca Brands, a16z, Dialectic, and Paradigm, with the goal of reimbursing affected users for all the funds stolen during the hack.

Since then, the team has been working with Chainalysis and Crowdstrike “to monitor the stolen funds” and “to handle forensics and the setup of surveillance tools.”

Bridges can be a vulnerable point for blockchain projects, and this hack was a big warning about it. Bridges connect blockchains so that tokens built on different ecosystems can be moved and traded between them. However, bridge code is complex and there are not yet enough security standards for it, and hackers are watching bridges closely to spot any vulnerability.


$1M Bounty

Bridges can be so complex that it is not 100% clear if code auditing is enough to ensure the Ronin bridge’s safety. The Ronin team had stated that they are in the process of “implementing rigorous internal security measures to prevent future attacks.”

“The Ronin Network bridge will open once it has undergone a security upgrade and several audits, which can take several weeks.”

Now, they are calling in all white-hat hackers of the blockchain to search for vulnerabilities in exchange for a handsome reward. The team has given a list of products that should be stress-tested while prioritizing smart contracts and blockchain, websites, and apps. They noted that the only vulnerabilities that are considered eligible for monetary rewards are those with a working proof of concept that shows how they can be exploited.

Rewards for Smart Contracts and Blockchain vary from $1,000 to $1,000,000, and for Web and Apps, they vary from $50 to $15,000. All rewards will be paid in AXS tokens and only a specified portion of the received funds can be liquidated per month.

“It is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $1,000,000,” the announcement stated, and added that “Sky Mavis may award an additional reward bonus for exceptional reports.”

Axie Infinity (AXS) Price

Over the past weeks, Axie Infinity’s token AXS has been tumbling, falling around 30% after the hack. However, traders are watching for a breakout above the key resistance level of $58, as the current zone has previously served for accumulation, which could mean a rebound for AXS. There also seems to be a risk of triggering a head-and-shoulders pattern, which could sink AXS further down. The token is down 0.09% in the last 24 hours.


AXS at 47 USDT in the daily chart | AXSUSDT on TradingView.com