Ronin Network, the bridge for the popular online game Axie Infinity, suffered an exploit that cost it more than half a billion in funds, one of the biggest crypto attacks to date. The breach took place on March 23 but was discovered only on March 30, Tuesday, according to a blog post published by Ronin detailing the incident.
So what exactly happened?
A blockchain bridge is software that enables cross-chain communication, allowing tokens to be transferred between chains. Attackers drained 173,600 Ether and 25.5 million USDC tokens from the network in two transactions. The stolen funds were siphoned off to two cryptocurrency exchanges, according to blockchain forensics firm Elliptic.
Ronin said in its blog that it is in contact with several cryptocurrency exchanges, along with blockchain data analytics firm Chainalysis, to monitor the movement of the stolen funds. The network also stated that it is working with law enforcement agencies.
Following the incident, the price of Ronin’s token RON fell steeply, by 22%. AXS, Axie Infinity’s token, also reacted, losing as much as 11%, according to CoinMarketCap.
Blockchain bridges have some major flaws
The attack highlights how susceptible bridges are to malicious actors. Experts say that they run on unaudited code, making them vulnerable to attackers. On top of that, the identities of the validators/nodes that run the transactions are not known, which makes it difficult to track suspects.
Expressing surprise, Wilfred Daye, head of Securitize Capital, the asset-management arm of Securitize Inc., said, “The fact that nobody notices for six days screams aloud that some structure should be in place to watch illicit transfers.” Another red flag, according to Tom Robinson, co-founder of Elliptic, is the bridge’s centralized architecture.
“In this case, the issue was that the bridge was highly centralized, the theft came as a result of someone hacking the ‘validator nodes’ of the Ronin Bridge. Funds can be moved out of the bridge if five of the nine validators approve it. The hacker managed to get hold of the private cryptographic keys belonging to five of the validators so that was enough to steal the crypto assets.”
Kelvin Fichter, a developer, felt that Ronin was heavily dependent on validator-based bridges, which he termed a “fundamental error”. Fichter also pointed out that the network’s “minimal monitoring and alerting” system gave the hacker solid ground to launch the attack.
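The kind of outflow monitoring whose absence Daye and Fichter point to can be sketched as follows. This is an added example, not code from Ronin or from anyone quoted in the article: the class and function names, the alert multiplier, and the baseline withdrawals are hypothetical and constructed, and only the two large amounts come from the article.

```python
from collections import defaultdict, deque
from statistics import median


class OutflowMonitor:
    """Flags bridge withdrawals far above the recent per-asset norm."""

    def __init__(self, window=50, multiplier=20.0, min_history=5):
        self.multiplier = multiplier    # hypothetical alert threshold
        self.min_history = min_history  # samples needed before alerting
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, asset, amount):
        past = self.history[asset]
        if len(past) >= self.min_history:
            baseline = median(past)
            if amount > self.multiplier * baseline:
                # Do not record flagged amounts, so one outsized transfer
                # cannot raise the baseline and hide the next one.
                return {"asset": asset, "amount": amount,
                        "baseline": baseline, "ratio": amount / baseline}
        past.append(amount)
        return None


def scan(events, **settings):
    """Return the alerts raised over a sequence of (asset, amount) events."""
    monitor = OutflowMonitor(**settings)
    alerts = []
    for asset, amount in events:
        alert = monitor.observe(asset, amount)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: small everyday withdrawals, then the two amounts
# reported in the article, then one more ordinary withdrawal.
SAMPLE_EVENTS = [
    ("ETH", 1.2), ("ETH", 0.8), ("USDC", 1500.0), ("ETH", 3.0),
    ("USDC", 900.0), ("ETH", 2.5), ("USDC", 4000.0), ("ETH", 0.5),
    ("USDC", 2500.0), ("USDC", 1200.0), ("ETH", 1.0),
    ("ETH", 173_600.0), ("USDC", 25_500_000.0), ("ETH", 2.0),
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"ALERT {a['asset']}: {a['amount']:,.0f} is "
              f"{a['ratio']:,.0f}x the median withdrawal")
```

A check like this runs independently of the validators, so it still fires when a withdrawal carries enough valid signatures to be approved.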