In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million.
The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game:
There has been a security breach on the Ronin Network. https://t.co/ktAp9w5qpP
The official report from the company noted that the hackers obtained the private keys of validator nodes, compromising five validators, which is also the threshold required to approve a transaction. The Ronin chain currently consists of nine validator nodes, and the hacker gained access to four of them along with a third-party validator run by the decentralized autonomous organization (DAO) Axie DAO.
The root cause of the exploit can be traced back to last year, when Axie DAO gave Sky Mavis access to sign off on transactions on its behalf to mitigate user volume. However, this access was never revoked, which eventually gave the hackers backdoor access and resulted in the $600 million hack.
The exploit took place on March 23, only to be discovered nearly a week later, after the hackers behind the attack used the stolen funds to short Axie Infinity (AXS) and Ronin (RON). The hackers hoped to make more money on their exploit, thinking the news about the biggest crypto hack would eventually bring down the market. However, they got liquidated before the news broke:
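The check below is an added example, not code from Sky Mavis or the article: it audits a validator set for any single operator whose own keys plus still-active delegated signing rights reach the approval threshold. The 9-validator, 5-signature figures come from the article; the validator names, the other operators, the dates, and the modelling of the four other compromised validators as held by Sky Mavis are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

THRESHOLD = 5  # signatures needed to approve a transaction (from the article)

@dataclass(frozen=True)
class Delegation:
    validator: str            # validator whose signature is delegated
    delegate: str             # operator allowed to sign on its behalf
    granted: date
    revoked: Optional[date]   # None means the grant was never revoked

# Constructed inventory: validator name -> operator holding its key.
VALIDATORS = {
    "sm-1": "Sky Mavis", "sm-2": "Sky Mavis",
    "sm-3": "Sky Mavis", "sm-4": "Sky Mavis",
    "axie-dao": "Axie DAO",
    "ext-1": "Operator A", "ext-2": "Operator B",
    "ext-3": "Operator C", "ext-4": "Operator D",
}

def effective_control(validators, delegations, as_of):
    """Return operator -> set of validators it can sign for on `as_of`."""
    control = {}
    for name, operator in validators.items():
        control.setdefault(operator, set()).add(name)
    for d in delegations:
        active = d.granted <= as_of and (d.revoked is None or as_of < d.revoked)
        if active and d.validator in validators:
            control.setdefault(d.delegate, set()).add(d.validator)
    return control

def single_points_of_compromise(validators, delegations, as_of, threshold=THRESHOLD):
    """Operators whose compromise alone yields at least `threshold` signatures."""
    control = effective_control(validators, delegations, as_of)
    return sorted(op for op, held in control.items() if len(held) >= threshold)

if __name__ == "__main__":
    audit_day = date(2022, 3, 23)  # constructed audit date
    stale = [Delegation("axie-dao", "Sky Mavis", date(2021, 11, 1), None)]
    revoked = [Delegation("axie-dao", "Sky Mavis", date(2021, 11, 1), date(2021, 12, 1))]
    print("never revoked:", single_points_of_compromise(VALIDATORS, stale, audit_day))
    print("revoked:      ", single_points_of_compromise(VALIDATORS, revoked, audit_day))
```

Run against a real key-custody inventory, a non-empty result means one operator's compromise is enough to approve transactions, which is the condition the unrevoked delegation created here.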
You cannot make this up. Hacker steals $600MM in ETH from Ronin blockchain the one underlying Axie. Hacker then goes short Ronin & AXS (Axie token) knowing as soon as news breaks that tokens will plummet. But NO ONE
Read more on cointelegraph.com