"Attackers Steal $618m From Crypto Firm"

A cryptocurrency firm used by gamers to transfer virtual coins has found that hackers stole hundreds of millions of dollars worth of currency from it.  Vietnamese blockchain game developer Sky Mavis created the Ronin Network to function as an Ethereum sidechain for its Axie Infinity game.  In practice, it allows users to transfer cryptocurrency in and out of the game.  Ronin Network discovered the cyber-heist after a user complained that they could not withdraw funds from the bridge.  The company found that an adversary compromised Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes and used hijacked private keys to forge fake withdrawals.  This resulted in the theft of 173,600 Ethereum ($592m) and $25.5m from the Ronin bridge in two transactions.  The company noted that Sky Mavis’s Ronin chain currently consists of nine validator nodes.  In order to recognize a deposit event or a withdrawal event, five out of the nine validator signatures are needed.  The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO.  Ronin Network said it had paused its bridge functionality to ensure no further attack vectors are open, and it has increased the validator threshold from five to eight.  The company is currently working with analytics firm Chainalysis to monitor where the stolen funds go.  The company claimed, “most” of the funds are still in the attacker’s wallet.  According to Comparitech, the incident makes it the most significant cryptocurrency theft ever recorded, topping the raid on Poly Network, which netted $610m in August last year.

Infosecurity reports: "Attackers Steal $618m From Crypto Firm"