
CRYPTO HACK CASEFILES: RONIN BRIDGE

Brick Frog
Last updated: 2023/01/18 at 11:43 PM
Brick Frog Published January 4, 2023

2022 was a record-setting year for crypto hacks. Estimates range between three and four BILLION dollars in stolen funds. In the Crypto Casefiles series, we'll cover some of the biggest and most memorable hacks from years past. Our first installment covers the eye-watering $624 million attack suffered by Ronin Bridge in March 2022, which nobody noticed for six days.

Contents
  • The Set Up
  • The Exploit
  • The Getaway
  • What can we learn from this?

Target: Ronin Bridge
Date: 23/03/2022
Amount Stolen: $624 million
Type of Attack: Infrastructure Attack

The Set Up

The story begins with Sky Mavis, the team behind the popular NFT game Axie Infinity. This development team created Ronin – an Ethereum-linked sidechain designed for Axie Infinity. The Ronin Bridge facilitated transfers between Ethereum assets and the Ronin Network. Ronin was designed to provide fast, cheap transaction throughput necessary for a rising play-to-earn game such as Axie Infinity. 

With a network focused on maximizing transactions per second, the development team chose a Proof of Authority model in which just nine validators validate all transactions and blocks. The Ronin Network uses this set of nine validator nodes to approve transactions on the bridge, and a deposit or withdrawal requires approval by a majority of five of these nodes.

Sky Mavis operates four of the nine validators. So an attacker who breached Sky Mavis would need just one more validator to reach the five-signature majority and effectively control the network.

The Exploit

On March 23rd, 2022, the attacker gained control of the four validators controlled by Sky Mavis and a third-party Axie DAO validator that signed their malicious transactions. The attacker gained access to the additional validator due to a temporary arrangement between Axie DAO and Sky Mavis in November 2021. 

Axie DAO temporarily allowed Sky Mavis to sign transactions on its behalf as part of an effort to help Sky Mavis cope with an overwhelming network traffic load. This required Axie DAO to allowlist Sky Mavis to sign transactions on its behalf. Sky Mavis's infrastructure includes a gas-free RPC node, which was used to get this fifth signature.

While the program expired the following month, the allowlist was never revoked. The attacker could use the additional Axie DAO signature alongside the four Sky Mavis validators to approve transactions. Once the attacker got access to Sky Mavis systems, they obtained the signature from the Axie DAO validator by using the gas-free RPC.

The hacker then authorized two withdrawals from the Ronin Bridge contract: the first drained 173,000 ETH and the second 25.5 million USDC.

The Sky Mavis team became aware of the hack six days later, on March 29th, when a user reported being unable to withdraw 5,000 ETH via the Ronin Bridge. 

The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.

The Ronin bridge and Katana Dex have been halted.

— Ronin (@Ronin_Network) March 29, 2022

The Getaway 

According to blockchain data, the perpetrator swapped the USDC for ETH via other addresses before returning the funds to their original wallet. The attacker transferred a comparatively small portion of ETH (6250 ETH) to FTX and Crypto.com to test if they could cash out to fiat. 

The rest of the funds remained in the attacker’s address until they were progressively sent elsewhere over the next month.

In a strange turn of events, the U.S. Department of the Treasury and the Federal Bureau of Investigation attributed the Ronin Bridge attack to the North Korea-based 'Lazarus Group'. According to Bloomberg, the agency noted that these crimes provide valuable cash for the North Korean leadership.

In 2014, the Lazarus Group made headlines when it was accused of hacking Sony Pictures Entertainment. The intrusion was retaliation for the release of "The Interview," a satirical film mocking North Korean leader Kim Jong Un. Since then, the FBI reports that the group has continued to carry out attacks to fund the regime.

What can we learn from this?

Sky Mavis learned an expensive lesson regarding centralization. It also failed to revoke delegated permissions, which left them open to abuse at any time. Finally, the team did not have appropriate monitoring systems that could detect the theft from their systems, giving the attacker almost a week's head start.
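The first two lessons can be checked mechanically. The following audit sketch is an added example, not Sky Mavis or Ronin code: it models the nine validators and the 5-of-9 threshold described above, flags delegations that have outlived their intended end date, and computes how few operators must be compromised to reach the threshold. The validator ids, the four non-Sky Mavis operator names and the expiry date are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations

THRESHOLD = 5  # bridge approvals required, per the article

# Validator -> operator. Four Sky Mavis validators and one Axie DAO validator
# come from the article; "operator-A".."operator-D" are placeholder names.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO", "v6": "operator-A", "v7": "operator-B",
    "v8": "operator-C", "v9": "operator-D",
}

@dataclass
class Delegation:
    grantor: str    # operator whose validator signs on request
    grantee: str    # operator allowed to request those signatures
    expires: date   # when the arrangement was meant to end
    revoked: bool   # whether the allowlist entry was actually removed

# Constructed expiry date: the article says only that the November 2021
# arrangement expired "the following month".
DELEGATIONS = [Delegation("Axie DAO", "Sky Mavis", date(2021, 12, 31), False)]

def stale_delegations(delegations, today):
    """Delegations past their intended end date that still grant access."""
    return [d for d in delegations if d.expires < today and not d.revoked]

def reachable(operators, validators, delegations):
    """Validators whose signatures a set of compromised operators can obtain
    (own validators plus one hop of live delegations)."""
    ops = set(operators)
    ops |= {d.grantor for d in delegations if not d.revoked and d.grantee in ops}
    return {v for v, op in validators.items() if op in ops}

def min_compromise(validators, delegations, threshold):
    """Smallest set of operators whose compromise reaches the threshold."""
    operators = sorted(set(validators.values()))
    for k in range(1, len(operators) + 1):
        for combo in combinations(operators, k):
            if len(reachable(combo, validators, delegations)) >= threshold:
                return combo
    return None

if __name__ == "__main__":
    print("stale:", stale_delegations(DELEGATIONS, date(2022, 3, 23)))
    print("operators needed:", min_compromise(VALIDATORS, DELEGATIONS, THRESHOLD))
```

With the unrevoked delegation in place, a single operator is enough to reach the threshold; once it is marked revoked, the minimum rises to two.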

Since the hack, Sky Mavis has paid back $450 million out of its pocket to users who lost their money. The new Ronin Bridge has new security measures and has been thoroughly audited three times, with the platform reopening in June 2022.
