According to a tweet posted on the official Ronin Network Twitter account, the Ronin bridge was exploited and 173,600 ETH along with 25.5 million USDC were stolen, with an estimated combined value of approximately $612 million.
The Ronin bridge has been exploited for 173,600 Ethereum and 25.5M USDC.
The Ronin bridge and Katana Dex have been halted.
— Ronin (@Ronin_Network) March 29, 2022
Following the breach, both the Ronin Bridge and the Katana decentralized exchange were taken offline.
In replies on Twitter addressing the incident, Ronin stated that its team is working with “law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed.” The message also reassured users that “all of the AXS, RON, and SLP on Ronin are safe right now.”
We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now.
— Ronin (@Ronin_Network) March 29, 2022
What we know about the hack so far
According to Ronin Network’s official post on Substack, the attacker gained control of four of Sky Mavis’s Ronin validators, along with a third-party validator that was managed by Axie DAO.
The Sky Mavis Ronin chain runs on nine validator nodes, and a minimum of five validator signatures are required to approve any deposit or withdrawal. Although the validator key architecture is intended to be decentralized and designed to limit attack vectors like this one, the attacker exploited a vulnerability through an RPC node lacking gas and subsequently obtained the Axie DAO signature.
At the time of writing, RON, Ronin’s native governance token, fell more than 20% in the last hour following news of the exploit.