The Ronin bridge and Katana Dex have been halted following an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), worth a total of $612 million at Tuesday’s prices, according to Axie Infinity’s official Discord and Ronin Network’s official Twitter thread, as well as its Substack page.
The creators claimed in a statement that they are actively working with law enforcement, forensic cryptographers, and our investors to ensure that all monies are recovered or refunded. Right now, all AXS, RON, and SLP tokens on Ronin are secure.
According to Ronin engineers, the attacker utilized compromised private keys to create bogus withdrawals, depleting cash from the Ronin bridge in just two transactions. More crucially, the attack took place on March 23 but was only detected on Tuesday because a user allegedly found difficulties after attempting to withdraw 5,000 ETH from the Ronin bridge.
RON, Ronin’s primary governance token, has dropped over 20% in the last hour to $1.88 at the time of posting. Sky Mavis’ Ronin chain presently has nine validator nodes, with a minimum of five signatures required to acknowledge a deposit or withdrawal event.
The attacker gained control of five private keys, including four validators maintained by Sky Mavis and a third-party validator run by Axie Decentralized Autonomous Organization, or DAO. It took a long time to get illegal access to the latter.
Sky Mavis, the creator of the Axie Infinity and Ronin ecosystems, sought assistance from the Axie DAO in November to award free transactions owing to an increase in the number of users. Sky Mavis was whitelisted by the Axie DAO to sign different transactions on its behalf, and the procedure was terminated in December. Access to the whitelist, however, was not withdrawn.
After gaining access to Sky Mavis systems, the attacker received the last signature from the Axie DAO validator, completing the node threshold necessary for the illegal siphoning of cash from Ronin. At the time of publishing, the majority of the compromised cash were still in the attacker’s wallet.