Hacker Steals More than $600 Million in Cryptocurrency from the Blockchain of NFT game, Axie Infinity

The biggest crypto-related heist to date


Ronin Network, the blockchain of Pokémon-inspired NFT battle game Axie Infinity, has revealed that a hacker breached its security and stole $625 million in cryptocurrency from its network, which is the biggest crypto-related heist to date.

The digital robbery occurred last Wednesday and was only discovered on Tuesday by the developers at Sky Mavis, who run both Axie Infinity and the Ronin Network. The hacker used hacked private keys to “forge fake withdrawals,” working through a backdoor on Ronin’s gas-free RPC node, which the company says the hacker “abused to get the signature for the Axie DAO validator.” The hack has reportedly resulted in a 25 percent decrease in the value of Ronin’s token.

“There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised, resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions,” the Ronin Network revealed on its Substack.

Throughout the life of Axie Infinity, fraudulent transactions were normally prevented through “9 validator nodes.” That changed back in November, when the game was dealing with overwhelming demand from new players, which led the Ronin Network to give the game’s developer, Sky Mavis, the go-ahead to approve any transactions on its behalf. The permission was later discontinued, but a way to access the Axie DAO allowlist was still present through a backdoor.


“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf [but] this was discontinued in December 2021, [however] the allowlist access was not revoked. Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC,” the Ronin Network said in a statement.
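The failure in that statement, a signing arrangement that ended while its allowlist entry stayed live, is the kind of thing a periodic audit can flag. The sketch below is an added example, not code from Sky Mavis or the Ronin Network; the operator names, the number of validators each operator runs, the signature threshold and the exact dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Delegation:
    validator: str          # validator whose signature is delegated
    delegate: str           # operator allowed to request that signature
    ended: Optional[date]   # date the arrangement was discontinued, if any
    allowlisted: bool       # True while the allowlist entry is still live


def stale_delegations(delegations, today):
    """Arrangements that were discontinued but whose allowlist entry remains."""
    return [d for d in delegations
            if d.allowlisted and d.ended is not None and d.ended <= today]


def signing_reach(owners, delegations):
    """Validators each operator can get signatures from: its own plus live allowlist entries."""
    reach = {}
    for validator, operator in owners.items():
        reach.setdefault(operator, set()).add(validator)
    for d in delegations:
        if d.allowlisted:
            reach.setdefault(d.delegate, set()).add(d.validator)
    return reach


def over_threshold(owners, delegations, threshold):
    """Operators whose compromise alone would yield at least `threshold` signatures."""
    reach = signing_reach(owners, delegations)
    return sorted(op for op, vals in reach.items() if len(vals) >= threshold)


# Constructed sample data (assumptions, not figures from the article):
# nine validators, a hypothetical operator running four of them, and a
# hypothetical threshold of five signatures per withdrawal.
OWNERS = {"v1": "operator-a", "v2": "operator-a", "v3": "operator-a",
          "v4": "operator-a", "v5": "dao-b", "v6": "op-c", "v7": "op-d",
          "v8": "op-e", "v9": "op-f"}
DELEGATIONS = [Delegation("v5", "operator-a", date(2021, 12, 1), True)]
THRESHOLD = 5
AUDIT_DATE = date(2022, 3, 23)

if __name__ == "__main__":
    for d in stale_delegations(DELEGATIONS, AUDIT_DATE):
        print(f"stale allowlist entry: {d.delegate} can still sign as {d.validator}")
    print("single points of failure:", over_threshold(OWNERS, DELEGATIONS, THRESHOLD))
```

With the stale entry revoked, the same operator falls back under the threshold and the second check returns an empty list.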

The blockchain has responded to the security breach by locking down all accounts while it investigates the hack further. This means Axie Infinity players will have to hold off on adding funds, as there is no option to do so at this point.

Dennis B Price