According to a statement from ronin network's official substack, the attacker "used stolen private keys" to make fake withdrawals from the Ronin Bridge through two transactions, as seen on Etherscan. The attack affected the authentication buttons Ronin Network provided to Sky Mavis, the publisher of the popular Axie Infinity game, and Axie DAO.
Explaining the incident, Ronin Network said that in order for its chain to be set up to nine validators, it requires five out of nine consensus Nodes to withdraw money to protect against these types of attacks, but hackers still find the back door through the RPC button that does not contain "gas fee". They abused that vulnerability to take control of five nodes, including four from Sky Mavis and one by Axie DAO.
The total damage is estimated at 173,600 Ether and $25.5 million, more than the attack that occurred with poly network in August 2021 ($611 million).
According to the investigation, Ronin's Ethereum address is a new address that transferred ETH from binance exchange a week ago. Etherscan records show the attack took place last Wednesday. The majority of the money remains in the attacker's address, although 6,250 ETH has been transferred to many other addresses.
Ronin Network and the Katana Decentralized exchange (AMM) have both been suspended during the investigation.
"We are working directly with law enforcement agencies to quickly find the culprits." The Ronin Network blog says.
After retrieving the transaction history, the team contacted the exchanges for assistance in tracking and freezing the marked hacker's wallet as needed. In addition, internal security experts are also looking to raise transaction censorship conditions to 8/9 nodes, while also filling security vulnerabilities.The Ronin Network team has also reassured investors that AXS, RON and SLP on the platform are now safe.
According to CoinGecko, the price of RON, the original token of the Ronin network, has dropped by 27%.
