Pinoy users among the US$625M Ronin network hack victims (Sabong News)
Author: MB Technews
Date: March 31, 2022
There was another unfortunate incident after the Axie Discord server hack in November 2021. The Ronin Network, Sky Mavis’s layer-two Ethereum blockchain system, and Axie DAO validator nodes were compromised, and more than 173,600 Ethereum and about 25.5M USDC were drained from the Ronin bridge. The attacker used hacked private keys to forge fake withdrawals. Thousands of users may have been affected by the hack. Withdrawals using the Ronin network and going to Binance were suspended, effectively freezing the accounts. Users can only hope that the investigation concludes and that they are refunded.
Sky Mavis said that the company is working with law enforcement officials, forensic cryptographers, and investors to make sure all funds are recovered or reimbursed.
Despite the hack, Sky Mavis assures account holders that all the AXS, RON, and SLP on Ronin are safe right now.
Here’s what happened, according to Sky Mavis, the Vietnamese-owned parent company of Ronin.
Sky Mavis’ Ronin chain currently consists of nine validator nodes. Five out of the nine validator signatures are needed to recognize a deposit or withdrawal event. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.
The validator key scheme is set up to be decentralized so that it limits attack vectors like the one used in this hack, but the attacker found a backdoor through the gas-free RPC node, which they abused to get the signature for the Axie DAO validator.
The attack was traced back to November 2021, when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO “allowlisted” Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the “allowlist” access was not revoked.
Once the attacker got access to Sky Mavis systems, they were able to get the signature from the Axie DAO validator by using the gas-free RPC.
Sky Mavis has confirmed that the signature in the malicious withdrawals matches up with the five suspected validators.
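An added example, not from Sky Mavis or the original article: a defender-side audit of the five-of-nine scheme described above that counts how many operators must be compromised to reach the signing threshold once delegated ("allowlisted") signing access is included. The validator ids, the operator names other than Sky Mavis and Axie DAO, and all function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed inventory modelled on the article: nine validators, four run by
# Sky Mavis and one by Axie DAO. Validator ids and "Operator C".."F" are made up.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "Operator C", "v7": "Operator D", "v8": "Operator E", "v9": "Operator F",
}
# (grantor, grantee, still_needed): grantee can obtain the grantor's signatures.
# The allowlist arrangement was discontinued, but the access was never revoked.
DELEGATIONS = [("Axie DAO", "Sky Mavis", False)]


def effective_control(validators, delegations):
    """Signatures obtainable per compromised operator (one-level delegations assumed)."""
    owned = defaultdict(set)
    for vid, operator in validators.items():
        owned[operator].add(vid)
    reach = {op: set(vids) for op, vids in owned.items()}
    for grantor, grantee, _needed in delegations:
        reach.setdefault(grantee, set()).update(owned.get(grantor, set()))
    return reach


def min_compromises(validators, delegations, threshold):
    """Fewest operators whose compromise yields >= threshold signatures."""
    reach = effective_control(validators, delegations)
    operators = sorted(reach)
    for k in range(1, len(operators) + 1):
        for combo in combinations(operators, k):
            signatures = set().union(*(reach[op] for op in combo))
            if len(signatures) >= threshold:
                return k, combo
    return None  # threshold exceeds the number of validators


def stale_delegations(delegations):
    """Delegations that are still active but no longer needed: revoke these."""
    return [(g, r) for g, r, needed in delegations if not needed]


if __name__ == "__main__":
    for t in (5, 8):
        print(t, min_compromises(VALIDATORS, DELEGATIONS, t))
    print("revoke:", stale_delegations(DELEGATIONS))
```

With this inventory, a threshold of five is reachable through a single operator while the allowlist stands and through two operators once it is revoked; at a threshold of eight, four operators are needed.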
According to Sky Mavis, the company has done the following:
We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks. To prevent further short-term damage, we have increased the validator threshold from five to eight.
We are in touch with security teams at major exchanges and will be reaching out to all in the coming days.
We are in the process of migrating our nodes, which is completely separated from our old infrastructure.
We have temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin to err on the side of caution. The bridge will be opened up at a later date once we are certain no funds can be drained.
We have temporarily disabled Katana DEX due to the inability to arbitrage and deposit more funds to Ronin Network.
We are working with Chainalysis to monitor the stolen funds.
As of this posting, account holders, including users in the country, have their accounts on hold as the Katana DEX and Ronin Bridge are offline to avoid similar incidents.
It’s still unknown who is behind this latest security breach. No groups or individuals have claimed responsibility for the attack.