The media has already dubbed the incident the biggest theft in the industry of decentralized networks. It is noteworthy that the owners of the blockchain found out about what happened only a week after the money was withdrawn to a third-party wallet.
The attack was made on the Ronin sidechain used in the game Axie Infinity. The incident happened on March 23, but the owners of the system reported it only on March 29 – one of the users said that he could not withdraw 5,000 ETH, after which the fact of hacking was discovered. The total “mining” of an unknown hacker amounted to 173 thousand Ethereum “coins” worth about $600 million at the current rate, and another 25.5 million USDC tokens quoted at a ratio of 1:1 to the dollar.
The attacker reportedly managed to bypass the system’s defenses based on nine validators. Five keys were enough to use the sidechain. The hacker obtained four of them from the Sky Mavis database (the company that owns Ronin), and one more was extracted from a third-party resource using the RPC protocol . According to the owners of the blockchain, most of the missing funds are now in the wallet of the kidnapper, whose identity has not been established.
Sky Mavis representatives said that they have already contacted law enforcement agencies and are doing everything possible to prevent the loss of users’ funds. They also noted that the in-game cryptocurrency and NFT tokens were not compromised. According to IT analysts, the incident was the largest in the industry – the previous “record” for hacking the Poly Network was about $611 million, but later the hacker returned the stolen goods.