Axie Infinity Suffers Largest Hack in DeFi History

The Ronin Network, an Ethereum-based sidechain that supports the popular Axie Infinity game created by Sky Mavis announced it suffered what appears to be the largest security exploit in DeFi history.

According to a blog post published on Tuesday, Ronin confirmed its project was hacked last week, resulting in the loss of $625 million, which equates to about 173,500 ether and 25.5 million USDC tokens. The exploit affected the validator nodes of the Ronin Network, the publisher of the popular Axie Infinity game, as well as the Axie decentralized autonomous organization (DAO).

The cyber criminal was able to generate fake withdrawals via compromised private keys from the Ronin bridge. Although transactions on the sidechain have additional security measures that require five out of the nine signatures for validation, the hacker was able to find a “backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”

Etherscan records suggest the theft occurred on March 23, and that the attacker was able to transfer the stolen ether in from the Binance exchange. Most of the funds are still on the hacker’s ethereum address, but about 6,250 ether has been moved to numerous other addresses. Both the Ronin Bridge and the Katana automated market maker (AMM) have been temporarily halted while investigators look into the matter. “We are working directly with various government agencies to ensure the criminals get brought to justice,” read the blog post.

The latest hack is likely the largest in DeFi history, surpassing the $611 million stolen from the the Poly Network back in August 2021.

Information for this briefing was found via the Ronin Blockchain. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.

Leave a Reply