The largest cryptocurrency breach of 2022: $615 million
Cryptocurrency projects continue to come under attack, and some of those attacks succeed. This time the victim is Sky Mavis, whose game Axie Infinity was the most popular in the NFT space in 2021, with token turnover exceeding $4 billion.
For its projects, Sky Mavis uses its own Ronin blockchain, an Ethereum sidechain, to speed up payments and reduce fees. The flip side turned out to be security: confirming a transaction required signatures from five of the nine validator nodes. The hacker managed to compromise the private keys of four of them and also gained access to the signature of a third-party validator, Axie DAO.
As a result of the hack, the attacker stole 173,600 Ethereum and 25.5 million USDC, which at current prices is about $615 million. The theft occurred on March 23, but it came to light only yesterday, when a user was unable to make a transaction for 5 thousand ETH via the Ronin Bridge.
To prevent further loss of funds, Sky Mavis suspended the Ronin bridge and raised the number of validators required to sign a transaction to eight. Because further arbitrage was impossible, the Katana decentralized platform was also shut down. The company assures users that it is making every effort to recover the stolen funds and is working with law enforcement agencies to identify the criminal. It is also noteworthy that the bulk of the stolen funds has not moved since the theft.
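The signing threshold described above can be audited for key concentration. The following is an added example, not code from Sky Mavis or Ronin: the validator names, the operator labels and the assumption that four validators sit under one operator are constructed for illustration.

```python
from collections import Counter

# Constructed validator set: nine validators mapped to the party that controls the key.
# Assumption for illustration: four keys under one operator, Axie DAO as a third party.
VALIDATORS = {
    "v1": "operator-A", "v2": "operator-A", "v3": "operator-A", "v4": "operator-A",
    "v5": "Axie DAO",
    "v6": "operator-B", "v7": "operator-C", "v8": "operator-D", "v9": "operator-E",
}

# Keys the article says were lost: four private keys plus the Axie DAO signature.
COMPROMISED = ["v1", "v2", "v3", "v4", "v5"]


def quorum_reached(signers, validators, threshold):
    """True if enough distinct, known validators signed (duplicates do not count)."""
    return len(set(signers) & set(validators)) >= threshold


def keys_short(signers, validators, threshold):
    """How many more distinct validator keys are needed to reach the threshold."""
    return max(0, threshold - len(set(signers) & set(validators)))


def min_operators_to_quorum(validators, threshold):
    """Smallest number of distinct operators whose combined keys reach the threshold.

    Greedy over operators sorted by key count; returns None if unreachable.
    A low value means the nominal k-of-n threshold overstates real independence.
    """
    counts = sorted(Counter(validators.values()).values(), reverse=True)
    total = 0
    for n_ops, key_count in enumerate(counts, start=1):
        total += key_count
        if total >= threshold:
            return n_ops
    return None


if __name__ == "__main__":
    for threshold in (5, 8):  # original threshold, then the raised one
        print(f"threshold {threshold} of {len(VALIDATORS)}:",
              "quorum with lost keys =", quorum_reached(COMPROMISED, VALIDATORS, threshold),
              "| keys short =", keys_short(COMPROMISED, VALIDATORS, threshold),
              "| operators needed =", min_operators_to_quorum(VALIDATORS, threshold))
```

Under these assumptions the 5-of-9 threshold is reachable through only two parties, which is the figure to track when reviewing a validator set, not the raw key count.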
It is possible that a “white hacker” (white hat) is behind the hack. Such a hacker, after breaking in, waits for the company to find the vulnerability and then returns the stolen funds (sometimes keeping a “tip” for himself). This lets him avoid criminal prosecution, demonstrate weaknesses in the defenses and make a name for himself at the same time. For example, last year an unknown person hacked the Poly Network and withdrew about $600 million in various cryptocurrencies. Later, he returned all the unblocked funds, embedding messages for the company in the transactions.
No matter how this story ends, a security hole is a blow to the company's image. Over the course of the day, the Ronin coin fell by 20% and the AXS token by 8%. Earlier, the Sky Mavis team had expressed the hope that its sidechain would be used by third-party gaming platforms. Now this is unlikely.