According to a tweet posted on Ronin Network’s official Twitter handle, the Ronin bridge has been exploited and 173,600 ETH and 25.5 million USDC coins worth about $612 million were stolen.
The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
The Ronin bridge and Katana Dex have been halted.
— Ronin (@Ronin_Network) March 29, 2022
Following the hack, Ronin bridge and Katana DEX have both been halted.
Ronin however said in the Twitter thread touching on the exploit that its team is working with “law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed.” It also said that “all of the AXS, RON, and SLP on Ronin are safe.”
We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.
— Ronin (@Ronin_Network) March 29, 2022
What we know about the hack so far
According to an official communication of Ronin Network on Substack, the hacker managed to take over the control of four of Sky Mavi’s Ronin validators together with a third-party validator managed by the Axie DAO.
The Sky Mavi’s Ronin chain consists of nine validator nodes and five out of the nine are required to append their signatures for a deposit or withdrawal to be recognized. Although the validator key scheme is decentralized and built to limit an attack vector like the one that just occurred, the hacker found a backdoor through the network’s gas-free RPC node and got the signature for the Axie DAO.
At the time of writing, the RON token, which is Ronin’s native governance token, had dropped by over 20% over the past one hour.