More than 600 million US dollars of funds were stolen, Ronin cross-chain bridge was attacked

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

More than 600 million US dollars of funds were stolen, Ronin cross-chain bridge was attacked

成都链安

2022-04-10 05:27

本文约1900字，阅读全文需要约8分钟

On March 29, the blockchain project platform Ronin announced that it was hacked, and about $600 million in cryptocurrency was stolen.

secondary title

Over $600 million in cryptocurrency stolen

According to Ronin, unidentified hackers entered the system on March 23 and stole 173,600 Ether coins and 25.5 million USD Coin coins.

picture

Steal 25.5 million USDC at 13:31 on March 23

secondary title

Ronin is the underlying blockchain of Axie Infinity, a popular NFT game that is popular all over the world. Cryptocurrency holders often don't operate in just one blockchain ecosystem, so developers build cross-chain bridges that let users send cryptocurrencies from one chain to another. Using the bridge, players can deposit Ethereum or USDC into Ronin and use it to buy non-fungible tokens (NFTs) or in-game currencies. Players can also sell their in-game assets and withdraw funds. Ronin and Axie Infinity belong to the same operator Sky Mavis.

picture

Sky Mavis stated that following the incident, they will increase the number of nodes required for transactions to 8 and will reopen Ronin "at a later date" once it is determined that no more funds are available.

secondary title

Where did the $600 million in stolen virtual currency go?

1. The stolen virtual currency of the project was transferred to the address of the hacker, the address is:

0x098b716b8aaf21512996dc57eb0615e2383e2f96

picture

2. After the hacker transferred the stolen USDC to two addresses, it was converted into ETH and then flowed back to the hacker's own address.

picture

We entered the hacker address 0x098b716b8aaf21512996dc57eb0615e2383e2f96 through the address analysis module of the chain, and found that the hacker transferred 4970.95 ETH to Huobi and other exchanges on March 28. The address that flows to the exchange is as follows:

picture

1) Inflow to HUOBI (Huobi Exchange) address 1:

0x73f8fc2e74302eb2efda125a326655acfodc2d1b, about 2500ETH in total;

2) Inflow to HUOBI (Huobi Exchange) address 2:

0x28ffe35688ffffd0659aee2e34778b0ae4e193ad, a total of about 1250ETH;

3) The address of the incoming FTX exchange is:

0xc098b2a3aa256d2140208c3de6543aaef5cd3a94, a total inflow of about 1219.96ETH;

4) The address of the incoming Crypto.com exchange is:

0x6262998ced04146fa42253a5c0af90ca02dfd2a3, a total inflow of about 0.99ETH;

4. Balance of hacker address: 175913.70 ETH

Chengdu Lianan will continue to pay attention to the follow-up progress of the incident, and further monitor the funds on the chain. If there is any news about the latest changes, it will be notified and shared with everyone as soon as possible.

2. When the signature service goes offline, the policy should be updated in time, the corresponding service module should be closed, and the corresponding signature account address can be considered discarded;

1. Pay attention to the security of the signature server;

3. During multi-signature verification, the multi-signature services should be logically isolated, and the signature content should be verified independently. It cannot happen that some verifiers can directly request other verifiers to sign without being verified;