IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cyber attackers' NFT blockchain heist nets hundreds of millions in stolen cryptocurrency

Ronin blockchain owner Sky Mavis said it's working with outside experts to ensure the stolen funds are returned to owners

The Ronin blockchain has been hacked, its owner Sky Mavis has confirmed, and around $600 million worth of cryptocurrency has been stolen as a result.

Ronin is the blockchain that powers NFT game Axie Infinity and on Monday it became aware of a cyber attack that took place on 23 March. Hackers obtained private keys to the blockchain and used them to initiate fake withdrawals.

Sky Mavis said it became aware of the hack only when one of its users attempted to withdraw 5,000 Ethereum tokens but was unable to.

The hackers are said to have stolen 173,600 Ethereum tokens and 25.5 million USD Coins (USDC). Sky Mavis said it is working with law enforcement, forensic cryptographers, and its investors to ensure all the funds are recovered or reimbursed.

“We are working directly with various government agencies to ensure the criminals get brought to justice,” Sky Mavis said in a blog post detailing the incident.

“We are in the process of discussing with Axie Infinity / Sky Mavis stakeholders about how to best move forward and ensure no users' funds are lost. Sky Mavis is here for the long term and will continue to build.”

The hack stemmed from the proof-of-stake blockchain’s validator nodes, the majority of which were under the hackers’ control through stolen private keys, Sky Mavis said. 

Validator nodes replace the energy-demanding computation required in proof-of-work blockchains like Bitcoin’s. These nodes review transactions to confirm everything in that block is accurate before approving them.

Ronin’s blockchain has nine validator nodes. The fewer nodes on a blockchain, the quicker transactions are signed, but comes at a cost of security as evidenced in the Ronin hack.

At least five validator signatures of the nine are needed to approve a transaction. The hacker obtained four of Sky Mavis’ Ronin validators and also abused a third-party validator run by Axie DAO. 

Sky Mavis was allowlisted on Axie DAO’s validator back in November when the two companies collaborated on a case. Most of the access was revoked the following month but the hackers exploited the remaining access to sign the fifth validator, approving the heist’s transaction.

In response, Sky Mavis said it’s taking active steps to safeguard against future attacks, is currently migrating its notes, and has temporarily paused the Ronin Bridge and Katana DEX. Sky Mavis is also raising the required number of validator signatures from five to eight.

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

“Through this unfortunate event, we hope to remind users and projects of the importance of proper private key management,” said Ronghui Gu, CEO and co-founder at crypto security auditor CertiK, to IT Pro. “Sky Mavis applied a multisig to avoid the single point of failure, which is a great step in security. 

“However, during an event for Axie DAO growth, access was given to the Axie DAO validator access to distribute free transactions back in November 2021. This access was not revoked later and gave the attacker access. It is very important to remember to revoke the allow list or white list access after an event or function is completed.”

The hack on the Ronin blockchain has already been described as one of the biggest hacks related to cryptocurrency to date, following a series of similar attacks sparking a global trend in 2021.

“This latest attack aimed at stealing cryptocurrency assets is, unfortunately, the latest in a long-standing and growing trend,” said Steve Forbes, government cyber security expert at Nominet to IT Pro.

“The last few months of 2021 saw cyber criminals steal nearly $200 million worth of cryptocurrency from BitMart, which was quickly followed by an attack on 400 Crypto.com users. The attack being reported today against the gaming-focused Ronin Network is already speculated as being the largest crypto hack to date, with an estimated $625 million stolen in a combination of Ethereum and US dollars.”

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022