A jaw-dropping 173,600 ETH and 25.5 million USDC was taken by hackers in two transactions on March 23, but the exploit was only discovered six days later.
In a blog post, developers confirmed that 173,600 ETH and 25.5 million USDC was taken by hackers in two transactions.
At the time of writing, this stash is worth $614 million — narrowly making this incident the biggest crypto hack on record. This overtakes the $611 million that was stolen from PolyNetwork last summer, although it's worth noting these funds were later returned.
Stressing that all remaining funds on the platform are safe, Ronin confirmed it is now "working with law enforcement officials, forensic cryptographers and our investors to make sure all funds are recovered or reimbursed."
Ronin's statement says that the compromise took place on March 23, but it was only discovered on March 29 — a full six days later:
"The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5,000 ETH from the bridge."
Questions are also being raised about the safeguards that were in place to prevent such an attack from occurring. The Ronin chain consists of nine validator nodes — and signatures from five of them are required to initiate a deposit or a withdrawal.
According to the statement, "the attacker managed to get control over Sky Mavis's four Ronin validators and a third-party validator run by Axie DAO."
Although the validator threshold for withdrawals has now been raised to eight out of nine, critics will argue that this is too little, too late.
'We Are Here to Stay,' Axie Says
As well as working with Chainalysis to monitor the flow of stolen funds, developers have contacted major exchanges so they can halt linked transactions, too. Binance's CEO Changpeng Zhao tweeted:
"Our team is in touch with Axie Infinity team providing assistance in tracking this issue."
In a Q&A that asked whether Ronin is still safe to use, developers said:
"As we've witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats. We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks."
Users remain unable to withdraw or deposit funds "to ensure no further attack vendors remain open," but they have been assured that the bridge will be opened up at a later date once developers are certain no funds can be drained.
Axie Infinity has struck a defiant tone in the aftermath of the hack, tweeting:
"We are here to stay."