online gambling singapore online gambling singapore online slot malaysia online slot malaysia mega888 malaysia slot gacor live casino malaysia online betting malaysia mega888 mega888 mega888 mega888 mega888 mega888 mega888 mega888 mega888 Axie Infinity's Ronin bridge hacked for over $600M

摘要: "We are in touch with security teams at major exchanges and will be reaching out to all in the coming days," said the team at Ronin.


images/2022-04-06_123122.png

▲圖片標題(來源:cointelegraph)

According to Axie Infinity's official Discord and Ronin Network's official Twitter thread, along with its Substack page, the Ronin bridge and Katana Dex have been halted after suffering an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), worth a combined $612 million at Tuesday's prices. In a statement, its developers said they are "currently working with law enforcement officials, forensic cryptographers and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON and SLP [tokens] on Ronin are safe right now."

As told by Ronin developers, the attacker used hacked private keys in order to forge fake withdrawals, draining the funds from the Ronin bridge in just two transactions. More importantly, the hack occurred on March 23 but was only discovered on Tuesday after a user allegedly uncovered issues after failing to withdraw 5,000 in ETH from the Ronin bridge. At the time of publication, RON, Ronin's primary governance token, has fallen nearly 20% to $1.88 in the past hour.

Sky Mavis’ Ronin chain currently consists of nine validator nodes, of which at least five signatures are needed to recognize a deposit or withdrawal event. The attacker managed to gain control over five private keys, consisting of Sky Mavis’s four Ronin validators and a third-party validator run by Axie Decentralized Autonomous Organization, or DAO. Obtaining unauthorized access to the latter was especially time-consuming.

Last November, when Sky Mavis, the developer of the Axie Infinity and Ronin ecosystems, requested help from the Axie DAO, to distribute free transactions due to a surge in the number of users. The Axie DAO whitelisted Sky Mavis to sign various transactions on its behalf, and the process was discontinued in December. However, access to the whitelist was not revoked.

Once the attacker obtained access to Sky Mavis systems, they acquired the final signature from the Axie DAO validator, thereby completing the node threshold required for the illicit siphoning of funds from Ronin. At the time of publication, most of the hacked funds are still sitting inside the attacker's wallet.

轉貼自: Cointelegraph

若喜歡本文,請關注我們的臉書 Please Like our Facebook Page: Big Data In Finance


留下你的回應

以訪客張貼回應

0
  • 找不到回應