On March 29, 2022, the Axie Infinity sidechain Ronin Network issued a community warning regarding a security breach in their network. A total of 173,600 ETH and $25.5 million USDC were stolen from the Ronin Bridge, resulting in a loss of more than $610 million. The SlowMist security team conducted a post-mortem analysis of the incident, and these are our findings.
The Ronin network is an Ethereum sidechain, created specifically for Axie Infinity. It is one of the largest play-to-earn games on the blockchain, with millions of users around the world. The Axie Infinity team, Sky Mavis, created this network to give its users a reliable, fast, and cheap network for conducting transactions. They concentrated on developing a game-first expansion strategy that would not only stand the test of time but would also meet the demands imposed by the rapid development of the game.
According to an official release by Axie, the attacker used compromised private keys to forge withdrawal signatures and then withdrew most of the funds from the Ronin bridge in just two transactions. It is worth noting that the incident occurred as early as March 23 but went unnoticed until users reported that they were unable to withdraw 5k ETH from the bridge. The loss is even larger than last year’s PolyNetwork hack, which lost more than $600 million.
The main cause of this incident can be traced back to November 2021, when Sky Mavis asked Axie DAO to help distribute free transactions. Because of the huge user load, Axie DAO whitelisted Sky Mavis, allowing Sky Mavis to sign various transactions on its behalf. This arrangement stopped in December; however, the whitelist access was never revoked. As a result, once an attacker gained access to the Sky Mavis system, they could obtain signatures from the Axie DAO validator through the gas-free RPC. The Sky Mavis Ronin chain currently consists of nine validator nodes, and signatures from at least five of them are required to recognize a deposit or withdrawal event. The attacker discovered a backdoor through the gas-free RPC node and managed to gain access to five private keys: four belonging to Ronin validators run by Sky Mavis and one to the third-party validator run by Axie DAO.
After the incident, we alerted the community and published our first analysis of the incident at 1:09 Beijing time on March 30.
According to our anti-money laundering system, MistTrack, the incident started on March 23, when $25.5 million USDC was transferred out of the Ronin bridge and exchanged for ETH.
On March 28 at 02:30:38, the hacker began moving the funds.
According to MistTrack, the hacker first distributed 6250 ETH to various wallets. We then discovered 1220 ETH was transferred to FTX, 1 ETH to Crypto.com, and 3750 ETH to Huobi.
It is worth noting that 1.0569 ETH was transferred in from Binance to fund this exploit.
At present, the founders of Huobi and Binance have both issued statements that they will fully support Axie Infinity. FTX CEO SBF also said in an email that he will assist with forensic evidence.
So far, nearly 180,000 ETH still remains in the hacker’s address.
At present, the hacker has only transferred funds to centralized platforms. People are speculating that the hacker only knows how to steal crypto but not how to launder it. Although that may appear to be the case, moving funds to centralized platforms is also a common laundering method, made possible using fake KYC, proxy IPs, fake backup information, and so on. Judging by the information we have obtained so far, this incident was not carried out by amateurs. There is still hope for recovery, but it is uncertain how long it will take. Of course, this also depends on the collaboration of law enforcement agencies.
The root cause of this incident was the intrusion of the Sky Mavis system and the improper maintenance of the Axie DAO whitelist permissions.
At the same time, we would like to speculate boldly about what happened:
Did the Sky Mavis system hold the private keys of four validators?
The attacker obtained the signing permission of four validator nodes by intruding into the Sky Mavis system and used them to sign the malicious withdrawal transaction. The attacker then used the whitelist permission that Axie DAO had opened to Sky Mavis: by pushing the malicious withdrawal transaction to the Axie DAO validator through the gas-free RPC, the attacker obtained a fifth validator signature and thereby passed the 5/9 signature verification.
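To make the 5-of-9 threshold and the stale Axie DAO delegation concrete, here is an added Python model (not SlowMist’s or Sky Mavis’s code; validator and operator names are constructed placeholders). It shows that an actor holding only the four Sky Mavis validator keys reaches the threshold while the never-revoked delegation is active, falls short once the delegation is revoked, and fails under a hardened check that counts independent operators rather than raw signatures.

```python
from datetime import date
# Constructed model of the 5-of-9 validator set described in the post; names are placeholders.
OPERATOR_OF = {
    **{f"sky_mavis_{i}": "sky_mavis" for i in range(1, 5)},       # four validators run by Sky Mavis
    "axie_dao": "axie_dao",                                         # third-party validator run by Axie DAO
    **{f"community_{i}": f"community_{i}" for i in range(1, 5)},   # four other independent validators
}
VALIDATORS = set(OPERATOR_OF)
THRESHOLD = 5

def active_delegations(delegations, today):
    """Keep delegations whose revocation date is unset or still in the future.
    delegations: {validator: (operator_allowed_to_sign_for_it, revoked_on or None)}"""
    return {v: op for v, (op, revoked_on) in delegations.items()
            if revoked_on is None or today < revoked_on}

def reachable_validators(operator, held_keys, delegations, today):
    """Validator signatures one operator can produce: the validator keys it holds,
    plus every validator that still lets it sign on its behalf."""
    reach = set(held_keys) & VALIDATORS
    reach |= {v for v, op in active_delegations(delegations, today).items() if op == operator}
    return reach

def threshold_met(signing_validators):
    """The check as the post describes it: at least five distinct validator signatures."""
    return len(set(signing_validators) & VALIDATORS) >= THRESHOLD

def threshold_met_independent(signing_validators, delegations, today):
    """Hardened variant (our addition): count the operators that actually produced the
    signatures, so a validator signing via a delegation is attributed to the delegate."""
    active = active_delegations(delegations, today)
    operators = {active.get(v, OPERATOR_OF[v]) for v in set(signing_validators) & VALIDATORS}
    return len(operators) >= THRESHOLD

# Constructed scenario: the Axie DAO whitelist granted in Nov 2021 and never revoked,
# versus the same grant revoked when the gas-free distribution ended in December.
STALE_DELEGATION = {"axie_dao": ("sky_mavis", None)}
REVOKED_DELEGATION = {"axie_dao": ("sky_mavis", date(2021, 12, 31))}
SKY_MAVIS_KEYS = {f"sky_mavis_{i}" for i in range(1, 5)}
ATTACK_DAY = date(2022, 3, 23)

def scenario(delegations):
    """Signatures an actor holding only the Sky Mavis keys can assemble, and whether each check passes."""
    signers = reachable_validators("sky_mavis", SKY_MAVIS_KEYS, delegations, ATTACK_DAY)
    return len(signers), threshold_met(signers), threshold_met_independent(signers, delegations, ATTACK_DAY)

if __name__ == "__main__":
    print("stale delegation:  ", scenario(STALE_DELEGATION))    # (5, True, False)
    print("revoked delegation:", scenario(REVOKED_DELEGATION))  # (4, False, False)
```

The second return value is the check the bridge actually performed; the third is what a delegation-aware check would have returned.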
Finally, we would like to quote the recommendations by Safeheron:
1. Eliminate the single point of failure for the private key through secure multi-party computation (MPC).
2. Fragment the private key and disperse the shares across multiple hardware-isolated chips for protection.
3. Apply stronger policy-based approval and protection for large-scale fund operations, so that the responsible principals are informed of, and confirm, any movement of funds as soon as possible.
4. The actual theft occurred on March 23 but went unnoticed for days; the project team should strengthen service and fund monitoring.