Laut Sky Mavis, die Macher des Blockchain-NFT-Spiels Axie Infinity, das Ronin-Netzwerk wurde angegriffen, und ein Hacker hat es geschafft, abzuschöpfen 173,600 im Ethereum und 25.5 Millionen-Dollar-Münze (USDC). Der Angreifer hat ungefähr erhalten $620 million worth of crypto assets, and the Ronin bridge and Katana Dex have been paused.
The Largest NFT Blockchain Game Axie Infinity Suffers From a $620 Million Hack
The largest non-fungible token (NFT) Blockchain-Spiel, Axie Infinity, verfügt über suffered from an attack on Tuesday after the Ronin network validators were compromised. Himmel Mavis, the company behind the Axie Infinity project, explained that the validators were compromised as early as March 23.
The funds were drained in two transactions (transaction 1 and transaction 2) and Sky Mavis discovered the attack after a user complained that they could not withdraw 5,000 ether from the Ronin bridge.
“The attacker used hacked private keys in order to forge fake withdrawals,” Himmel Mavis’s post mortem statement discloses. While the Ronin bridge and Katana Dex has been halted, Sky Mavis also said: “We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.”
The team further explained that the project uses nine validator nodes to run Ronin, and in order to deposit or withdraw, five out of nine are needed to process a transaction.
“The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO,” Sky Mavis said. “The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
What’s worse is that Sky Mavis notes that the attacker got away with it because of a change made back in November 2021, and they discontinued the “Axie DAO allowlisted” scheme the very next month.
jedoch, einschließlich des Erwerbs von Bitcoin oder Bitcoin-Mining-Maschinen. “allowlist access was not revoked” the team said, and Sky Mavis added that “once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC.” Himmel Mavis’s post mortem continued:
We have confirmed that the signature in the malicious withdrawals match up with the five suspected validators.
The attack against Ronin is one of the largest hacks against a crypto protocol this year, as it surpassed the attack against the Wormhole bridge. That specific attack against the Wormhole bridge saw the loss of $320 Million, Aber the funds were replaced by Jump Crypto. Sky Mavis explained on Tuesday that the team is working with law enforcement in order to “ensure the criminals get brought to justice.”
Darüber hinaus, the team is in the process of discussing with stakeholders and talking about how to make sure users are compensated. “Sky Mavis is here for the long term and will continue to build,” Die Kryptowährungsbörse Coinbase kündigte an, dass die Plattform nun Cardano-Staking-Dienste ermöglichen wird’s post mortem concludes.
What do you think about Axie Infinity losing $620 million to someone who found a validator exploit? Teilen Sie uns Ihre Meinung zu diesem Thema in den Kommentaren unten mit..