The latest crypto hack may be the largest yet.
The gaming-focused Ronin Network announced Tuesday a loss of over $625 million in USDC and ETH.
According to a blog post published by the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie Dao.
An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions.
While the Ronin sidechain has nine validators requiring five signatures for withdrawals meant to protect against these types of attacks, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
The blog post pegged the losses at 173,600 Ethereum and 25.5M in USDC, currently worth in excess of $625 million.
Back in August 2021, a hacker made off with $611 million in an exploit of cross-chain DeFi protocol Poly Network. The vast majority of the funds were returned.
The Ronin attacker’s Ethereum address is a fresh address that transferred ETH in from Binance one week ago. Etherscan records show that the attack took place last Wednesday.
The majority of the funds remain in the attacker’s address, though 6,250 ETH has been transferred to various other addresses.
The Ronin Bridge and the Katana AMM have both been paused while investigations are ongoing.
“We are working directly with various government agencies to ensure the criminals get brought to justice,” the blog notes.
This is a developing story and will be updated.