The Ronin Network announced that hackers had stolen roughly $625 million in cryptocurrency from its blockchain and the play-to-earn Axie Infinity video game network that operates on top of it, according to a statement by the organization. The hackers stole approximately 173,600 of the very popular ether and 25.5 million of USDC, a cryptocurrency pegged to the U.S. dollar.
The incident is now believed to be the biggest theft of cryptocurrency ever. The theft occurred on March 23, but was only discovered and reported later. “The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge,” said the Ronin Network in their statement.
The organization also explained how the attack might have occurred. “Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO,” the statement added.
“The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
For now, the hacker’s crypto wallet is reported to indicate that most of the stolen funds haven’t yet been moved. It is speculated that the criminal is waiting for a safe way to move the money without being caught.