Hackers stole over a half-billion dollars’ worth of cryptocurrency, and no one noticed.
That’s the wild takeaway after the team behind Ronin, an Ethereum sidechain developed for the popular blockchain-integrated game Axie Infinity, said they discovered only today that 173,600 ether and 25.5 million of the USDC stablecoin were stolen from their network starting March 23.
Worth approximately $615 million, this theft represents one of the largest DeFi losses to date — even surpassing the August 2021 Poly Network hack of approximately $600 million in crypto.
The official Ronin Network blog post says developers were only alerted to the missing funds by a user who was unable to withdraw their own ether.
“ETH and USDC deposits on Ronin have been drained from the bridge contract,” explains Tuesday’s blog post.
“As of right now users are unable to withdraw or deposit funds to Ronin Network.”
Axie Infinity is a pay-to-earn game popular in the Philippines, where people spend real money to get access to the game with the hope of earning tokens that can be cashed out for actual money.
Notably, unlike previous DeFi disasters, at issue with the Ronin hack does not appear to be some kind of smart contract exploit — meaning there wasn’t necessarily a bug in the code. Rather, whoever stole these funds took a more traditional approach and swiped the cryptographic keys from Axie Infinity developer Sky Mavis and “a third-party validator run by Axie DAO.”
“The attacker used hacked private keys in order to forge fake withdrawals,” notes Ronin.
Ronin says it’s working with law enforcement and the blockchain-analytics firm Chainalysis to track the funds.
In the exploit-prone world of DeFi, a half-billion dollar hack just wasn’t enough to trigger any internal alarm bells.
Either that, or the so-called future of finance is seriously lacking in alarm bells to set off.
This article was originally sourced by www.mashable.com.
