Someone stole $625 million USD hacking the ‘Axie Infinity’ blockchain; they noticed it a week later

Information security reports indicate that Ronin, the blockchain behind the popular NFT game ‘Axie Infinity’, was the target of a cyberattack that led to the theft of some $625 million USD in cryptocurrency.

According to developer Sky Mavis, the incident occurred on March 23, but was not discovered until today, when a user tried unsuccessfully to withdraw $5,000 USD in Ethereum from Ronin. The developer mentions that the attack involved the use of hacked private keys by exploiting a severe vulnerability in the service.

In total, the attack reportedly led to losses of 173,600 units of Ethereum, equivalent to about $600 million USD at the current exchange rate, in addition to $25 million USD in USDC, a stablecoin linked to the US dollar. During the attack, Sky Mavis’ Ronin and Axie DAO validation nodes were compromised.

In its documentation, Ronin details that the Sky Mavis chain is composed of nine validation nodes, and that at least 5 of the 9 available signatures are required to recognize a transaction. It is therefore believed that threat actors managed to obtain four signatures from Sky Mavis and one more from Axie DAO, although this has not been confirmed.

Those responsible for Ronin also mention that, while the system is perfectly capable of containing such an attack, threat actors reportedly found a backdoor to access the signature needed to validate fraudulent transactions.

Ronin assures that the necessary measures will be taken to protect the blockchain infrastructure against subsequent attack attempts, starting by increasing the validation threshold from five to eight signatures. It will also have the collaboration of the security teams of some exchange platforms and will migrate its nodes to a new infrastructure.
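The 5-of-9 rule described above and the planned move to eight signatures can be compared by counting how many independent key holders must be compromised to reach each threshold. The following is an added example, not code from Ronin or Sky Mavis; the validator ids, the function names and the assumption that the four remaining validators each belong to a separate operator are constructed for illustration.

```python
from collections import Counter

# Constructed custody map: validator id -> party holding its signing key.
# Four Sky Mavis keys and one Axie DAO key follow the article; treating the
# other four validators as independent operators is an assumption.
CUSTODY = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-6", "v7": "operator-7", "v8": "operator-8", "v9": "operator-9",
}

def approves(threshold, custody, signers):
    """True when at least `threshold` distinct, known validators signed."""
    return len(set(signers) & set(custody)) >= threshold

def min_custodians_to_reach(threshold, custody):
    """Fewest distinct key holders whose validators together meet the threshold.

    Taking the largest holders first is optimal, because each holder
    contributes a fixed number of signatures.
    """
    holdings = sorted(Counter(custody.values()).values(), reverse=True)
    total = 0
    for parties, keys in enumerate(holdings, start=1):
        total += keys
        if total >= threshold:
            return parties
    return None  # threshold is larger than the validator set

def audit(custody, thresholds):
    """Map each threshold to the number of parties that must be compromised."""
    return {t: min_custodians_to_reach(t, custody) for t in thresholds}

if __name__ == "__main__":
    for t, parties in audit(CUSTODY, (5, 8)).items():
        print(f"{t}-of-{len(CUSTODY)}: {parties} independent key holders needed")
```

Under these assumptions a nominal 5-of-9 scheme depends on only two parties, while an 8-of-9 threshold depends on five, which is the figure a custody review should track alongside the signature count.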

The platform also discontinued its connection to services such as Binance, confirming that these features will be available again once the risk is fully mitigated.
