Over $600M hacked from Axie Infinity’s Ronin network

One of the biggest crypto hacks took place on the Ronin network, home of the Axie Infinity game.

Ronin is an Ethereum sidechain created to keep up with the rapidly increasing popularity of the Axie Infinity play-to-earn game. Sky Mavis, the company behind Axie, moved the game from Ethereum to Ronin last year to benefit from much higher transaction throughput and much lower fees, since Ethereum was becoming too expensive for the game's users.

However, in the blockchain world scalability often comes at a cost: lower decentralization and lower security. The Ronin network uses a version of Proof-of-Stake consensus running with only 9 validators, which means that five are needed for any deposit or withdrawal.

The attacker compromised the private keys of four Ronin validator nodes and one Axie DAO validator node, which allowed them to forge withdrawals and drain the equivalent of over $600M from the Ronin bridge in just two transactions. It happened a week ago, but curiously enough wasn't discovered until yesterday.
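The following is an added example, not code from Sky Mavis or from the original post. It audits a 5-of-9 validator set for key-custody concentration: the threshold counts keys, but the real security boundary is how many independent parties must be compromised to collect that many keys. The operator names and the 4/1/4 custody split are constructed assumptions for illustration.

```python
from collections import Counter

THRESHOLD = 5  # from the article: five of nine validators approve a transfer

# Constructed custody map: validator id -> party holding its private key.
# Operator names and the 4/1/4 split are assumptions for illustration.
CUSTODY = {
    "v1": "operator-A", "v2": "operator-A", "v3": "operator-A", "v4": "operator-A",
    "v5": "operator-B",
    "v6": "operator-C", "v7": "operator-D", "v8": "operator-E", "v9": "operator-F",
}

def approved(signers, custody=CUSTODY, threshold=THRESHOLD):
    """A withdrawal passes when enough distinct known validators signed it."""
    return len(set(signers) & set(custody)) >= threshold

def min_parties_to_breach(custody=CUSTODY, threshold=THRESHOLD):
    """Smallest set of key holders whose compromise yields a quorum.

    Taking the largest holders first is optimal, because each party
    contributes nothing but its key count.
    """
    keys, parties = 0, []
    for party, count in Counter(custody.values()).most_common():
        parties.append(party)
        keys += count
        if keys >= threshold:
            return parties
    return None  # threshold exceeds the total number of validators

def audit(custody=CUSTODY, threshold=THRESHOLD):
    """Summarize nominal threshold versus effective trust boundary."""
    breach = min_parties_to_breach(custody, threshold)
    return {
        "validators": len(custody),
        "threshold": threshold,
        "independent_parties": len(set(custody.values())),
        "parties_needed_to_breach": len(breach) if breach else None,
        "breach_set": breach,
    }

if __name__ == "__main__":
    print(audit())
    # One key per party: a breach needs as many parties as the threshold.
    spread = {f"v{i}": f"operator-{i}" for i in range(1, 10)}
    print(audit(spread))
```

A gap between `threshold` and `parties_needed_to_breach` is the finding to act on: it means the quorum can be reached through fewer security domains than the validator count suggests.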

The Sky Mavis team is now working with law enforcement and the on-chain analytics firm Chainalysis to track the funds, some of which have already been sent to exchanges by the hackers. In the meantime, the Ronin bridge is halted, and Sky Mavis is “committed to ensuring that all of the drained funds are recovered or reimbursed.”

We think it would also be useful to reconsider the decentralization part?