Blockchain, $625 million in cryptocurrencies stolen through Ronin

On March 23, an as yet unidentified group of hackers landed one of the biggest hits on the virtual currency front. They exploited a typical flaw of the so-called validator nodes.
30 Mar 2022
Domenico Aliperto

About $625 million worth of cryptocurrencies has been stolen from Ronin, the blockchain behind the popular online game Axie Infinity, which uses non-fungible tokens and is the largest NFT collection by sales volume on the market. Sky Mavis, the operator of Ronin and Axie Infinity, revealed the breach yesterday and blocked the platform that allows users to deposit and withdraw funds from the company’s blockchain.
The start of the investigation
According to the reconstruction provided by Ronin, on March 23 unidentified hackers stole about 173,600 ether tokens and 25.5 million USD Coin tokens. At current exchange rates, the stolen funds are worth $615 million, but they were worth about $540 million at the time of the attack. In any case, this is one of the largest cryptocurrency thefts ever recorded, according to evaluations by blockchain analysis firm Elliptic.

Ronin explained in a post on the corporate blog that the attackers used stolen private keys – the passwords needed to access crypto funds – to hack the system. “We are working directly with various government agencies to ensure that criminals are brought to justice,” the group said, adding that discussions have begun with Axie Infinity on how to ensure that user funds, which they cannot currently withdraw or deposit within the network, are not lost.
Ronin is also working with leading blockchain tracker Chainalysis to track down stolen funds, which should still be largely in the hacker’s digital wallet.
The weak link in the chain
The validator-node mechanism at the basis of proof-of-stake blockchains such as Ronin, which consume less energy than proof-of-work systems such as Bitcoin and Ethereum, is said to have facilitated the hackers' action. The nodes examine new transactions to confirm that their inputs and outputs match and that the authorization signatures are valid, rejecting any non-compliant transactions. Using fewer nodes is faster and more efficient, but as the hack shows, it can create security risks if most of the nodes are compromised. It is a potential vulnerability for blockchains that are advertised as cheaper and more environmentally friendly than Ethereum.
According to Sky Mavis, the Ronin attack was possible in part due to a shortcut the company took to alleviate an “immense user load” on its network in November last year, when the video game's popularity exploded in the Philippines and in other countries, where some players have even started playing it as a full-time job. The system was shut down in December, but the permissions that allowed it were never revoked. After compromising five of the nine validator nodes, an attacker can theoretically override any transaction security and withdraw all the desired funds.
That’s why Sky Mavis has promised that it will increase the number of nodes required to approve transactions to eight and will reopen the Ronin Bridge “at a later time”, once it is certain that no more funds can be drained. “As we have seen, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, staying alert and mitigating all threats,” the company said. “We know that trust must be earned and we are using every resource at our disposal to implement the most sophisticated security measures and processes to prevent future attacks.”
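The threshold counts keys, not the parties that hold them, which is why a grant that is never revoked matters as much as the 5-of-9 figure. The following added example (not from the article and not Sky Mavis code) audits how many independent operators must be compromised to reach a signing quorum; the operator names, the key-to-operator mapping and the revocation date are constructed assumptions.

```python
from datetime import date
from itertools import combinations

# Constructed sample data (not from the article): nine validator keys and
# the operator that holds each one. Operator names are hypothetical.
VALIDATORS = {
    "v1": "operator_a", "v2": "operator_a", "v3": "operator_a",
    "v4": "operator_a", "v5": "operator_b", "v6": "operator_c",
    "v7": "operator_d", "v8": "operator_e", "v9": "operator_f",
}

# Hypothetical temporary grant: operator_a may sign with operator_b's key.
# revoked_on=None models a grant that was never withdrawn.
STALE = [{"key": "v5", "delegate": "operator_a", "revoked_on": None}]
# Same grant with a constructed revocation date.
REVOKED = [{"key": "v5", "delegate": "operator_a",
            "revoked_on": date(2021, 12, 31)}]


def keys_reachable(operators, today, delegations):
    """Validator keys usable by whoever controls the given operators."""
    keys = {k for k, op in VALIDATORS.items() if op in operators}
    for d in delegations:
        live = d["revoked_on"] is None or d["revoked_on"] > today
        if live and d["delegate"] in operators:
            keys.add(d["key"])
    return keys


def min_operators_for_quorum(threshold, today, delegations):
    """Smallest set of operators whose compromise yields `threshold` keys."""
    ops = sorted(set(VALIDATORS.values()))
    for size in range(1, len(ops) + 1):
        for combo in combinations(ops, size):
            if len(keys_reachable(set(combo), today, delegations)) >= threshold:
                return size, combo
    return None  # quorum unreachable even with every operator


if __name__ == "__main__":
    day = date(2022, 3, 23)
    for label, threshold, grants in [("5-of-9, stale grant", 5, STALE),
                                     ("5-of-9, grant revoked", 5, REVOKED),
                                     ("8-of-9, grant revoked", 8, REVOKED)]:
        print(label, "->", min_operators_for_quorum(threshold, day, grants))
```

With this constructed layout, a 5-of-9 quorum is reachable through a single operator while the grant is live; revoking the grant and raising the threshold both increase the number of independent parties that would have to fail.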

COMMENT: It doesn’t matter to wait for quantum computer attacks. The block-chain system is in canvas breeches. Having few validation nodes (proof-of-stake system) is not safe. The stolen money is real. Also in the field of games, the discourse of the block-chain must be revised. Game money must be different from real money, like in the Monopoly game we had when we were young, with banknotes that no one would have exchanged for real dollars due to their format and print. The financial system must abandon the CBDC block-chain for digital currencies, of which our Real Digital Currency is the only one that certifies its validity by decrypting the encrypted message. See in the other articles how it works.