NFT [BREAKING!] Axie Infinity | Ronin Network Breached. Drained ~₱32B

[Ruggzee]

Photo Credit to Axies Alerts PH​

There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions (1 and 2). The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.

Source:

https://twitter.com/x/status/1508828719711879168

• The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
• The Ronin bridge and Katana Dex have been halted.
• We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.

Actions Taken

1. We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks. To prevent further short term damage, we have increased the validator threshold from five to eight.
2. We are in touch with security teams at major exchanges and will be reaching out to all in the coming days.
3. We are in the process of migrating our nodes, which is completely separated from our old infrastructure.
4. We have temporarily paused the Ronin Bridge to ensure no further attack vectors remain open. Binance has also disabled their bridge to/from Ronin to err on the side of caution. The bridge will be opened up at a later date once we are certain no funds can be drained.
5. We have temporarily disabled Katana DEX to due to the inability to arbitrage and deposit more funds to Ronin Network.
6. We are working with Chainalysis to monitor the stolen funds.

Q&A for Media and Community

• Why was the validator threshold only five? Originally, Sky Mavis chose the five out of nine threshold as some nodes didn’t catch up with the chain, or were stuck in syncing state. Moving forward, the threshold will be eight out of nine. We will be expanding the validator set over time, on an expedited timeline.
• Where are the funds now? Most of the hacked funds are still in the hacker’s wallet: https://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96
• How did this happen? We are in the process of conducting a thorough investigation.

Five validator private keys were hacked; 4 Sky Mavis validators and 1 Axie DAO.
The validator key scheme is set up to be decentralized so that it limits an attack vector such as this, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.
This traces back to November 2021 when the Axie DAO validator was allowlisted to distribute free transactions. This was discontinued in December 2021, but the Axie DAO validator IP was still on the allowlist.
Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC.
We have confirmed that the signature in the malicious withdrawals matches up with the five suspected validators.

• Is Ronin safe for me to use? As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats. We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.
• Why are we being notified about the breach now? The Sky Mavis team discovered the security breach on March 29th, after a report that a user was unable to withdraw 5k ETH from the bridge.
• Are funds on Ronin are at risk? ETH and USDC deposits on Ronin have been drained from the bridge contract. We are working with law enforcement officials, forensic cryptographers, and our investors to make sure there is no loss of user funds. This is our top priority right now.

All of the AXS, RON, and SLP on Ronin are safe right now.

• What does this mean for users who have funds on Ronin Network? As of right now users are unable to withdraw or deposit funds to Ronin Network. Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed.

All details are from Ronin Network​

 

[Urek_Mazino]

Nilabas ko muna 450K SLP ko buyback ako mamaya. Since sa past day trading ko laging umaga bumabagsak price ng SLP at Madaling araw ang PUM. So kung magiging consistent buyback ulit ako kahit mag buy back ako ng 10% loss since marami pa rin nag aabang sa ORIGIN.