This latest report about the Ronin bridge hack suffered by Axie Infinity/Ronin is almost too amazing to be true. It is particularly shocking when the FBI says that the hack was carried out by a North Korea-sponsored hacking organization. “A senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist,” The Block reports. That’s not all: apparently the hackers’ spyware got into the system through a simple .pdf file. It is hard to believe that hackers managed to steal $622 million this way.
The Ronin Network is the Ethereum sidechain built for Axie Infinity. Both a billion-dollar business and a fun app with a thriving internal economy and an international audience, the play-to-earn game was one of the bull market’s biggest success stories. Sky Mavis is the studio behind Axie Infinity, and one of its programmers fell for the most basic social engineering trick known.
Blockchain surveillance company Chainalysis claims that North Korea’s state-sponsored hackers took over $400M in 2021 alone. And according to the FBI, they are responsible for the Axie Infinity/Ronin hack: the agency traced the funds to the Lazarus hacking group in North Korea. Does The Block’s article complete or contradict this version of the story? It’s hard to see North Koreans pulling a stunt quite like this.
In any case, the FBI was very specific in its statement:
“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th.”
True enough: this single operation broke 2021’s record on its own.
What happened to the Axie Infinity/ Ronin Hack?
The story behind the hack is, to say the least, hilarious. The Block reports:
“Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter.”
After several rounds of interviews, one of Sky Mavis’ developers got an extremely generous offer. He opened up Pandora’s box and all hell broke loose.
“The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.”
To complete the attack, the hackers also had to take control of another entity. At some point in the past, “the Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf.” Those permissions were still valid, and the hackers took advantage of them. The Ronin bridge operators’ post-mortem on the attack describes the consequences.
“The attacker managed to get control over five of the nine validator private keys — 4 Sky Mavis validators and 1 Axie DAO — in order to forge fake withdrawals. This resulted in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”
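To make the mechanics of the post-mortem concrete, here is an added simulation (not code from Sky Mavis, Ronin or the article) of a 5-of-9 threshold bridge in which a stale, never-revoked allowlist delegation from one validator to another counts toward the threshold, next to a hardened variant with delegation expiry and a daily withdrawal cap standing in for the “circuit-breaker” mentioned later. Validator names, timestamps and the cap are constructed; only the 9 validators, the 5-of-9 threshold, the 4 compromised Sky Mavis validators and the 1 Axie DAO validator come from the article.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed figures: the 9-validator set, the 5-of-9 threshold, 4 compromised
# Sky Mavis validators and 1 Axie DAO validator come from the article; names,
# timestamps and the daily limit are made up for the simulation.
THRESHOLD = 5
VALIDATORS = ([f"skymavis-{i}" for i in range(1, 5)] + ["axie-dao"]
              + [f"external-{i}" for i in range(1, 5)])
COMPROMISED = {"skymavis-1", "skymavis-2", "skymavis-3", "skymavis-4"}


@dataclass
class Bridge:
    # principal validator -> (delegate allowed to sign for it, expiry time or None)
    delegations: dict = field(default_factory=dict)
    daily_limit: Optional[float] = None   # circuit breaker; None = unlimited
    withdrawn_today: float = 0.0

    def effective_signers(self, signers, now):
        """Signatures actually held, plus any principal whose delegation to a
        present signer has not expired (a stale allowlist still counts)."""
        effective = {s for s in signers if s in VALIDATORS}
        for principal, (delegate, expires_at) in self.delegations.items():
            if delegate in signers and (expires_at is None or now < expires_at):
                effective.add(principal)
        return effective

    def approve_withdrawal(self, signers, amount, now):
        """True if the withdrawal passes both the threshold and the rate limit."""
        if len(self.effective_signers(signers, now)) < THRESHOLD:
            return False
        if self.daily_limit is not None and self.withdrawn_today + amount > self.daily_limit:
            return False
        self.withdrawn_today += amount
        return True


def legacy_bridge():
    # Axie DAO allowlisted a Sky Mavis signer with no expiry and never revoked it.
    return Bridge(delegations={"axie-dao": ("skymavis-1", None)})


def hardened_bridge(now):
    # Same delegation, but it expired a day ago, and a daily withdrawal cap applies.
    return Bridge(delegations={"axie-dao": ("skymavis-1", now - 86_400)},
                  daily_limit=1_000.0)
```

With four compromised keys the legacy bridge reaches the threshold through the stale delegation; the hardened bridge stays at four signers, and even five genuine signers cannot exceed the daily cap in one go.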
Did Lazarus’ operators really orchestrate such a Hollywoodesque attack? Is it possible that other people were involved in this comedic modus operandi?
Source: AXS/USD on TradingView.com
Past Coverage of The Ronin Hack
Let’s turn to archival material to complete the story and add extra detail. When the breach occurred, NewsBTC described the event as follows:
“On March 23, cybercriminals exploited The Ronin Bridge Network, and the hackers looted over $625 million worth of assets. This asset includes 25.5 Million USDC, and more than 173,600 Ether. A report on their blog revealed this data.”
Then, we reported on Axie Infinity and Sky Mavis’ first solution for the problem:
“The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain.
Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. Sky Mavis Bug Bounty is now available. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.”
The operators then reopened the Ronin Bridge, upgraded and improved. Our sister site Bitcoinist reviewed its features:
“In addition to the two independent audits on its smart contracts, the Ronin Bridge’s new design has implemented a new “circuit-breaker” feature. This was directly added to prevent a bad actor from replicating the previous attack or exploiting any potential new attack vector.”
At the moment, it seems that the Ronin Bridge is safe to use. Ironically, the hack is part of what made it so.
Image: Niek Verlaan, Pixabay. Charts by TradingView.