The biggest hacking theft in history! Ronin lost $620 million worth of cryptocurrency
On March 30, another cryptocurrency theft occurred, this time by the blockchain Gamefi project Ronin, whose stolen assets were worth about $620 million.
Just mentioning Ronin may be a little unfamiliar to everyone, but the "Axie Infinity" developed by sky Mavis, his company, must be well known in the chain circle. The blockchain game exploded in popularity in 2021 and is known as the "King of Chain Games", with transactions of more than $4 billion so far. And Ronin is the official blockchain wallet used by this chain game. At present, Ronin has temporarily frozen deposits and deposited funds. Countless players, including China, who rely on Axie Infinity to make a living, are crying in the toilet.
The popular Gamefi project Axie Infinity
$620 million worth of cryptocurrency was stolen
According to Ronin, unidentified hackers entered the system on March 23 and stole 173,600 ETH and 25.5 million USDCs. At current exchange rates, the stolen cryptocurrency is worth about $620 million, and was worth about $540 million when hacked. This is also all ETH and USDC deposits on Ronin. Other cryptocurrencies on Ronin, AXS, RON and SLP, are currently secure.
It wasn't until March 29 that Ronin's Sky Mavis team discovered the vulnerability because a user discovered that 5,000 ETH could not be extracted from the cross-chain bridge that morning. Officials said most of the stolen funds are still in the hackers' digital wallets and are working with law enforcement officers, cryptographers and investors to ensure that all funds are recovered or reimbursed.
As of now, users have been unable to withdraw or deposit funds to Ronin. This means that Axie Infinity, the world's hottest blockchain game, will not be monetized for the time being. Axie Infinity is a game built on the Ethereum blockchain, and the gameplay is somewhat similar to Pokémon, in that players must first own 3 NFT pets and then have the pets battle and breed to win the game rewards.
With its "Play to Earn" feature, Axie Infinity has attracted nearly 2 million players worldwide as of October 2021, with sky mavis, its company, valued at $3 billion, and its cumulative NFT trading volume exceeding $2.2 billion. Axie Infinity's game currency AXS also soared, from the initial $0.59 to $160. Affected by the theft, AXS plunged nearly 10% to $64 in the early morning of the 30th, while RON (Ronin coin) plunged directly from 2.28 to $1.69, plunging nearly 25%.
Affected by the theft, the price fell off a cliff
According to relevant surveys, 48% of respondents said that they played "Axie Infinity" for economic reasons, and there were also cases of full-time Axie Infinity playing "Axie Infinity" in the Philippines, and a large number of players in China also panned for gold in this game. As the official wallet of Axie Infinity, the theft of Ronin, the freezing of transactions, and the collapse of prices will have a direct impact on at least 2 million users.
Why cryptocurrencies that focus on security are not secure
The secure, open and transparent attributes of blockchain technology have always been an important basis for people to maintain confidence in cryptocurrencies, but cryptocurrency thefts still occur frequently.
Just in February, the cross-chain bridge Wormhole Portal suffered a "bridge" vulnerability attack, resulting in the cryptocurrency platform losing the equivalent of $322.8 million in ETH and SOL. Prior to that, on January 28, the QBridge of the Qubit project had just suffered an attack loss of about $80 million.
For the Blacken Bridge this time, Sky Mavis explained the specific reasons from a technical point of view. According to reports, the Ronin chain currently consists of 9 verification nodes. In order to identify a deposit event or withdrawal event, five of the nine verifier signatures are required. The attacker managed to take control of sky Mavis's four Ronin validators and a third-party authenticator run by Axie DAO.
The authenticator key scheme is set to decentralize, so it limits the direction of attacks similar to this, but the attacker discovers a backdoor through its gasless RPC node and obtains the signature of the Axie DAO verifier through this backdoor, thus committing asset theft.
Looking at these cryptocurrency thefts, it is not difficult to find a keyword "bridge", and it is necessary to mention the concept of "blockchain bridge", which is the hardest hit area for cryptocurrency security risks.
In the world of blockchain, there are many chains and decentralized applications, and these chains have a large number of interoperability needs, and the blockchain bridge becomes a bridge connecting each other. Blockchain bridges allow people to transfer tokens, data, and even smart contract instructions between independent blockchain platforms, which is a good thing in itself and a must. But when a "bridge" has hundreds of millions of dollars in escrow assets and operates on two or more blockchains, this increases the pipeline through which they could be attacked, potentially becoming a prime target for hackers.
Industry views suggest that while bridges open up innovation for the blockchain ecosystem, they also pose serious risks if teams cut corners on research and development. The best bridge will be the safest, most connected, fast, capital efficient, cost-effective and vetted bridge. If we want to realize the vision of a "blockchain internet", these attributes need to be maximized.
A security alert for cryptocurrencies
Of course, for cryptocurrencies, there is no need to "talk about coin discoloration", compared to real currency fraud, theft and other cases, cryptocurrencies still have their unique advantages, look at the download volume of "anti-fraud APP" to know. More cryptocurrency holders are more concerned about the value of their investments.
Even if cryptocurrencies are stolen, due to their open and transparent blockchain properties, it is difficult for thieves to whitewash, monetize, and track them much easier than real-world currency scams.
On February 8, the U.S. Department of Justice announced that it had seized more than 94,000 of the 120,000 bitcoins stolen from the Bitfinex cryptocurrency exchange that had been hacked five years earlier, and arrested two suspects suspected of money laundering, a young couple. The couple was dubbed the "male and female thief" by the media.
At the current bitcoin price, 120,000 bitcoins are worth $5.2 billion, or about 33 billion yuan; even at the price of $600 when bitcoin was stolen five years ago, it is worth $720 million, or about 5 billion yuan. It also became the highest amount of money ever involved in the U.S. Department of Justice.
After 5 years, it is still possible to catch criminals and recover most of the stolen cryptocurrencies, indicating that it is extremely difficult to launder and cash out illegally obtained cryptocurrencies. According to the investigation, the pair of "male and female thieves" tried various means to transfer assets in the past 5 years, but in the end it was difficult to escape justice.
Digital currency thefts are frequent
In contrast, hackers who attacked Poly Network seemed to be a bit wiser. On August 10, 2021, the cross-chain interoperable protocol Poly Network was hacked and $610 million worth of cryptocurrency was stolen. But the hackers quickly regretted it, announcing within 16 hours that they would return all the cryptocurrencies and return all the assets a few days later.
In fact, in this incident, the security team tracked through the chain and off-chain, and within 3 hours, the attacker's mailbox, IP and device fingerprints were found. The attacker's statement afterwards that "just playing, no interest in money" also has the element of helplessness. But similar behavior still deserves the vigilance of the legal authorities.
Cryptocurrencies have lived in the dark since their inception, and while most countries do not absolutely ban cryptocurrencies, there are only a handful of countries that recognize their legal status.
While cryptocurrencies have the advantages of decentralization, strong liquidity, and safe traceability, their financial speculation attributes and regulatory difficulties have also been criticized. Cryptocurrencies have never been able to integrate with the actual legal system.
But in any case, stealing a large amount of cryptocurrency through hacking means is a clear illegal act and is bound to be severely sanctioned by governments. Next, how to properly use cryptocurrencies and even blockchain technology for human beings to benefit themselves will be a challenge that must be faced.