Axie Infinity’s Ronin Network Suffers $625M Exploit

The latest crypto hack may be the largest yet.

The gaming-focused Ronin Network announced Tuesday a loss of over $625 million in USDC and ether (ETH).

According to a blog post published by the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.

An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan.

While the Ronin sidechain has nine validators requiring five signatures for withdrawals and is meant to protect against these types of attacks, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”

The blog post pegged the losses at 173,600 ether and 25.5 million in USDC, currently worth in excess of $625 million.

Back in August 2021, a hacker made off with $611 million in an exploit of cross-chain decentralized finance (DeFi) protocol Poly Network. The vast majority of the funds were returned.

The Ronin attacker’s Ethereum address is a fresh address that transferred ETH in from the Binance exchange one week ago. Etherscan records show that the attack took place last Wednesday.

The majority of the funds remain in the attacker’s address, though 6,250 ETH has been transferred to various other addresses.

The Ronin Bridge and the Katana automated market maker (AMM) have both been paused while investigations are ongoing.

“We are working directly with various government agencies to ensure the criminals get brought to justice,” the blog notes.

The price of RON, the native token of the Ronin network, is down 27% on the news, according to CoinGecko.

This is a developing story and will be updated.

UPDATE (March 29, 16:20 UTC): Adds price of RON.