Ronin Bridge Hack: Will it be as lucky as PolyNetwork?
On March 29, Axie Infinity's Ronin Network suffers $610M exploit, making it the largest crypto theft case in history in terms of amount at the time of occurrence (the previous largest amount, PolyNetwork, had already been returned in full at around $600 million). The incident happened on March 23, but was not officially discovered until March 29, prompting criticism from the community. ronin said the amount stolen was 173,600 ETH and 25.5M USDC. it was discovered on March 29 that on March 23, Sky Mavis' Ronin verifier node and Axie DAO verifier node were compromised, resulting in two transactions from The attackers used the hacked private keys to forge fake withdrawals. The attack was not discovered until after users reported on the 29th that they were unable to withdraw 5k ETH from the bridge. Ronin said that Sky Mavis' Ronin network currently consists of nine verified nodes. In order to identify a deposit event or a withdrawal event, five of the nine verifier signatures are required. The attackers managed to take control of four of Sky Mavis' Ronin verifiers and a third-party verifier run by Axie DAO. The background of the matter dates back to last November when Sky Mavis requested Axie DAO's help in distributing free transactions, SlowMist said. Due to the huge user load, Axie DAO whitelisted Sky Mavis and allowed Sky Mavis to sign various transactions on its behalf, a process that was stopped in December. However, access to the whitelist was not revoked, which led to an attacker being able to sign from the Axie DAO verifier via gas-free RPC once he gained access to the Sky Mavis system. sky Mavis' Ronin network currently consists of nine verification nodes, of which at least five signatures are required to identify deposit or withdrawal events. The attackers discovered a backdoor through the gas-free RPC node, and eventually the attackers managed to take control of five private keys, including four of Sky Mavis' Ronin verifiers and a third-party verifier run by Axie DAO. BlockSec analyzed that after the successful fund theft, the attacker immediately transferred the stolen USDC to Uniswap and 1inch in exchange for Ether. The attackers then started to transfer Ether one by one since March 28, and as of now, about 175,913 ETH stolen funds are still in the attackers' address and about 1,279 ETH stolen funds are still in the process of transfer. The attackers received a total of 182,162.86 ETH (of which 173,600 ETH were stolen directly and a total of 8,562.86 ETH were exchanged for the stolen USDC). According to SlowMist's MistTrack analysis, the hackers first distributed 6250 ETH and transferred 1220 ETH to FTX, 1 ETH to Crypto.com and 3750 ETH to Huobi. But SlowMist says this doesn't mean that the hackers were stupid enough not to shuffle coins. This is a common and simple coin laundering technique, using fake KYCs, proxy IPs, fake device information, and so on. From the special intelligence obtained by SlowMist so far, the hackers are not "stupid" and are quite cunning, but there is still hope for recovery, and it is uncertain how long it will take. It also depends on the determination of law enforcement agencies. Safeheron recommends:
Binance said that following the security breach on the Ronin (RON) network, the investigation team is supporting the Axie Infinity team in tracking transactions related to its bridge to identify the hackers. A dedicated monitoring team is in place to monitor any unusual transactions. Wrapped ETH (WETH) withdrawals and conversions from WETH to ETH on the ethereum have also been suspended, with FTX, Huobi and others also indicating action. Axie Infinity and Sky Mavis, the parent company behind Ronin and the Vietnamese game studio, said it will compensate online participants who lost money after hackers stole about $600 million from Ronin bridge, according to Bloomberg. "We are fully committed to compensating our players as soon as possible. We are still working on a solution and this is an ongoing discussion." Sky Mavis has made a lot of money on Axie's project with Ronin, so the community may generally expect to cover losses similar to Jump. The eyes of the world are on the hacker's address, and "how to clean up if you stole $600 million in cryptocurrency" has even become a popular discussion online. will Ronin be as lucky as PolyNetwork in recovering it? It's hard to say yet, but PolyNetwork has a lot of help from all sides as many of the biggest names in the industry are "in it". In contrast, Ronin and Axie are the leading players in the game that have been surging in recent years, but they clearly don't have enough contacts, resources, and experience in the crypto industry. In addition, there have been many recent hacks in the industry, and few have been recovered quickly. For example, the 120,000 ETH stolen from Wormhole was as huge as the amount, and still has not been recovered after Jump filled it directly; the recent Cashio theft of $52 million was so arrogant that the hacker said he would return accounts under $100,000 "with the sole purpose of taking money from people who don't need it, not from people who do ". There is also no news of recovery of the huge amount of coins stolen from multiple centralized exchanges further on. The only lucky one was surprisingly Bitfinex. on February 9 of this year, the US Department of Justice suddenly announced the capture of two people involved in the 2016 Bitfinex theft of nearly 120,000 coins and the recovery of over 94,000 bitcoins. Judging by its history, PolyNetwork's luck may have been truly fortuitous. As SlowMist says, the need for recovery will depend on the determination of law enforcement agencies, especially in the United States, combined with the long-term involvement of a large number of industry security agencies, or even a breach by the hackers themselves. But odds are this will be a long recovery. Reference: https://mp.weixin.qq.com/s/0U58Chw970X2GWcj2fvLPg https://mp.weixin.qq.com/s/mc1a11xnd4Pu27kqKqX_9g https://mp.weixin.qq.com/mp/appmsgalbum?__biz=MzI0ODgzMDE5MA==&action=getalbum&album_id=2000916758660022274#wechat_redirect Follow us Twitter: https://twitter.com/WuBlockchain Telegram: https://t.me/wublockchainenglish If you liked this post from Wu Blockchain, why not share it? |
Older messages
Global Crypto Mining News (Mar 21 to Mar 27)
Monday, March 28, 2022
1. Bloomberg:Exxon Mobil Corp. is running a pilot program using excess natural gas that would otherwise be burned off from North Dakota oil wells to power cryptocurrency-mining operations and is
Investigation report:Is There “Insider Trading” in BINANCE and COINBASE's New Listing
Tuesday, March 22, 2022
This report calculates the price movements of Binance and Coinbase in the week leading up to the listing of the new cryptocurrencies between November 2017 and February 2022, to determine whether the
Global Crypto Mining News (Mar 14 to Mar 20)
Monday, March 21, 2022
1. At its March 12 conference in Chengdu, Bitmainland highlighted the ANTSPACE water-cooled container, which integrates hydronic cooling technology into mining operations and can accommodate up to 210
Global Crypto Mining News (Mar 7 to Mar 13)
Monday, March 14, 2022
1. HIVE announced a supply agreement with Intel Corporation (Nasdaq:INTC) (“Intel”) to purchase new high performing ASIC chips that will be incorporated into state-of-the-art mining equipment that will
BAYC Acquires CryptoPunks and Meebits: The end of the PFP NFT?
Saturday, March 12, 2022
On March 12, Yuga Labs, the parent company of BAYC, announced that it had acquired the IP of the CryptoPunks and Meebits NFT collections from Larva Labs and would soon grant CryptoPunks and Meebits
You Might Also Like
Asia's weekly TOP10 crypto news (Apr 22 to Apr 28)
Sunday, April 28, 2024
1. Hong Kong Bitcoin and Ethereum Spot ETF to Launch on April 30 link On April 27, the Hong Kong Stock Exchange announced the inclusion of several ETF shares into the Central Clearing and Settlement
A Path Forward: Retro Funding and Revitalization | BanklessDAO Weekly Rollup
Sunday, April 28, 2024
Catch Up With What Happened This Week in BanklessDAO ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
Polkadot community backs SnowBridge for seamless Ethereum integration
Saturday, April 27, 2024
The SnowBridge proposal has enjoyed unanimous community support and could go live in 28 days. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
Weekly Project Updates: Binance Launches Renzo on Launchpool, EOS Introduces New Tokenomics, $SAFE Begins Circulat…
Saturday, April 27, 2024
1. Starknet Foundation Announces Airdrop Redistribution of STRK to Three User Categories link The Starknet Foundation has announced that it will distribute STRK tokens through a retroactive airdrop to
OP's Superchain Vision | Layer 2 Review
Friday, April 26, 2024
Quick Reads and Hot Links Covering the People and Projects Who Are Scaling Ethereum ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
Investor exodus from Bitcoin ETFs as BlackRock and Fidelity see significant outflows
Friday, April 26, 2024
BlackRock see back-to-back zero flows as Fidelity's FBTC records first outflow. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
Raise your onchain score
Friday, April 26, 2024
New Quests just dropped. Claim APT while you increase your chain score and build your reputation, helping with potential airdrop eligibility Flipside Crypto Hey there, A new Aptos Quest dropped. Claim
NFT & Blockchain Gaming Weekly - 📈 Runes Dominated BTC Transactions Post-Halving
Friday, April 26, 2024
Runes Dominated BTC Transactions Post-Halving. Telegram to tokenise stickers & emojis as NFTs. ApeCoin price drops 66% amid BAYC decline. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
WuBlockchain Weekly: SEC Expected to Reject Ethereum Spot ETF, ConsenSys Sues SEC, CZ trial is approaching and Top…
Friday, April 26, 2024
1. BlackRock's Bitcoin Spot ETF Achieves 70 Consecutive Days of Net Inflows link BlackRock is very pleased with the performance of its Bitcoin spot ETF (IBIT). Since its launch in January of this
Your bi-weekly crypto insights 📊
Thursday, April 25, 2024
Top data-driven insights from across the crypto space, to keep you ahead of trends. This week's top insight: Sei TVL per active address grew 10x since Flipside Crypto Onchain Insider Your bi-weekly