Vietnamese technology company Sky Mavis has confirmed that Ronin, the blockchain that powers its popular NFT-based video game Axie Infinity, suffered an external breach that resulted in the theft of around $625 million in crypto.
What we know so far
In its post, Sky Mavis confirmed that the hacker used social engineering tactics to steal 173,600 Ether and 25.5M USDC (currently worth around $625 million combined). Explaining how the hacker was able to pull off the theft, the company said:
“Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.
The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
Most of the stolen funds are still in the hacker’s wallet, which can be viewed here.
What steps are being taken
Sky Mavis discovered the theft had taken place on March 29th, after a user was unable to withdraw 5,000 Ether from Ronin. As soon as the incident became known, the company began taking steps to protect against future attacks, including deploying “the most sophisticated security measures and processes.” Withdrawals and deposits to the Ronin Network have been temporarily disabled.
The company is currently conducting a thorough investigation into the incident, working with blockchain tracing company Chainalysis to track the stolen funds, and working with various government agencies to ensure that the criminals responsible are brought to justice.
Sky Mavis is committed to recovering or reimbursing all stolen funds, and conversations with the company’s stakeholders are currently taking place to decide how best to do this.
To learn about other crypto/NFT scams and thefts and how you can stay protected, click here.