According to a tweet posted on Ronin Network’s official Twitter handle, the Ronin bridge was exploited and 173,600 ETH plus 25.5 million USDC tokens — worth roughly $612 million — were stolen.
The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
The Ronin bridge and Katana Dex have been halted.
— Ronin (@Ronin_Network) March 29, 2022
Following the hack, both the Ronin bridge and the Katana DEX were taken offline.
In the same Twitter thread addressing the exploit, Ronin said its team is working with “law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed.” The statement also emphasized that “all of the AXS, RON, and SLP on Ronin are safe.”
We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.
— Ronin (@Ronin_Network) March 29, 2022
What we know about the hack so far
According to an official announcement from Ronin Network on Substack, the attacker gained control of four of Sky Mavis’s Ronin validators and a third-party validator operated by the Axie DAO.
The Sky Mavis Ronin chain is secured by nine validator nodes, with five of nine signatures required to approve a deposit or withdrawal. Although the validator key scheme is decentralized and designed to limit the kind of attack that occurred, the attacker exploited a backdoor through the network’s gas-free RPC node and obtained the Axie DAO signature.
At the time of writing, the RON token, Ronin’s native governance token, had fallen more than 20% within the past hour.