The developers behind the Axie Infinity (AXS) bridge that was hacked for over $600,000,000 say they will recover or reimburse all of the stolen funds.
In an updated newsletter, Axie Infinity’s Ronin Network says it is conducting a thorough investigation with blockchain explorer Chainalysis and security company Crowdstrike to discover who stole more than $600 million worth of Ethereum (ETH) and USD Coin (USDC).
The Ronin Network, an Ethereum-linked sidechain made specifically for AXS, announced the hack on Twitter on Tuesday, noting that the Ronin bridge was exploited for 173,600 ETH and 25.5M USDC.
Axie Infinity is a trading and battling game based on the blockchain with players, who are stakeholders, allowed to breed, raise, battle and trade digital collectibles.
The attacker reportedly drained the funds from the Ronin network in two transactions after hacking private keys in order to forge fake withdrawals.
The Ronin chain has nine validator nodes, and five out of the nine signatures are needed to recognize a deposit or withdrawal event.
The attacker secured control of the four nodes belonging to Axie Infinity’s game developer, Sky Mavis, and one controlled by Axie DAO (decentralized autonomous organization), through a combination of social engineering and human error.
Explains Ronin,
“The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.
This traces back to November 2021 when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked.
Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC.”
The Ronin Network has temporarily paused the bridge and increased the validator threshold from five to eight.
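The following is an added example, not code from Ronin or Sky Mavis. It audits how many distinct parties must be compromised to reach the signature threshold, using the validator layout described above, and shows the effect of the stale allowlist and of the move from five to eight signatures. The four `other-N` operators are placeholders, since the article does not say who runs the remaining validators.

```python
from itertools import combinations

def build_validators(dao_allowlist_active):
    """Constructed model: validator name -> parties able to obtain its signature
    (its operator plus anyone holding delegated/allowlisted signing access)."""
    validators = {f"sky-mavis-{i}": {"Sky Mavis"} for i in range(1, 5)}
    # The Axie DAO allowlisted Sky Mavis in Nov 2021; access was never revoked.
    delegates = {"Sky Mavis"} if dao_allowlist_active else set()
    validators["axie-dao"] = {"Axie DAO"} | delegates
    # Placeholder operators (assumed independent; not named in the article).
    for i in range(1, 5):
        validators[f"other-{i}"] = {f"other-{i}"}
    return validators

def min_parties_to_reach(validators, threshold):
    """Return (k, parties): the smallest set of distinct parties whose
    compromise yields at least `threshold` validator signatures.
    Brute force over party subsets, which is fine for a small validator set."""
    parties = sorted(set().union(*validators.values()))
    for k in range(1, len(parties) + 1):
        for combo in combinations(parties, k):
            chosen = set(combo)
            reachable = sum(1 for who in validators.values() if who & chosen)
            if reachable >= threshold:
                return k, combo
    return None, ()

if __name__ == "__main__":
    for allowlist in (True, False):
        for threshold in (5, 8):
            k, who = min_parties_to_reach(build_validators(allowlist), threshold)
            state = "active" if allowlist else "revoked"
            print(f"allowlist {state:7} threshold {threshold}: "
                  f"{k} party(ies) suffice, e.g. {', '.join(who)}")
```

With the allowlist still active, a 5-of-9 threshold collapses to a single point of compromise, which is why reviewing delegated signing access belongs in the same audit as the threshold itself.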
Aleksander Leonard Larsen, the co-founder and chief operating officer of Sky Mavis and Axie Infinity, says on Twitter that the project plans to add new validators to further decentralize the network.
He also says Sky Mavis is “committed to ensuring that all of the drained funds are recovered or reimbursed.” The Ronin Network is “working directly with various government agencies” to try and catch the hacker.
Most of the stolen funds appear to still be in the hacker’s wallet, according to Etherscan.
The exchanges Binance and Huobi have offered their support to Axie Infinity.
Our team is in touch with AxieInfinity team providing assistance in tracking this issue. https://t.co/pNU4wwrCAq
— CZ 🔶 Binance (@cz_binance) March 29, 2022