Cyberattack: Over $600m lost in a Ronin Network hack

Temitope Akintade
•Axie’s Ronin Network has lost over $600M in what is branded as the biggest hack ever •Ronin Network posted a notice 6 days after the attack and have temporarily paused the Ronin Bridge to ensure no further attacks • AXS, SLP and RON all tanked following the news but it is unlikely that there will be a major market crash

Ethereum-linked sidechain, Ronin, developed by Axie Infinity creator Sky Mavis, has confirmed a major security breach in a blog post yesterday. According to Ronin’s manager, the cybercriminals attacked his platform on March 23 and stole around 173,600 Ethereum. Those involved in the robbery fled and so far have not been apprehended.

The project lost about $625 million (173,600 Ethereum tokens and 25.5 million USDC tokens) and this could be the largest decentralised finance cyberattack (hack) in history, topping the $611 Poly Network heist that took place in August 2021.


Axie is a blockchain-based video game that leverages NFTs to reward players. Like most blockchain-based games, it runs on Ethereum. The game has a sidechain called Ronin to help reduce transaction fees. Transaction fees are a common problem when using Ethereum. 

To get rid of the issues bugging the Ethereum blockchain from affecting Axie’s gameplay, the game developers unveiled the Ronin blockchain. According to the developers, the Ronin network is a sidechain that was specially made for Axie Infinity.

Ronin wallet is the wallet built on the Ronin blockchain for Axie Infinity players. Just like MetaMask and some other wallets, it is a browser extension wallet.

Ronin Bridge is the gateway where users that play the Axie Infinity transfer their ETH to Ronin. After it is transferred to Ronin using the bridge, the ETH becomes Wrapped ETH. After this conversion, users can now use it to purchase Axies to play the game. Users can also use the bridge to transfer their tokens back to Ethereum and withdraw them.

How the hack happened

The cyberattack occurred on the Ronin Bridge, exposing Axie Infinity players along with other projects using that Bridge.

The funds on the Ronin Bridge are secured by a set of nine secret keys. Having access to at least five of those keys allows the network to unlock and release the funds.

The hacker found a backdoor in the Ronin Bridge node and got a hold of four validators on Ronin, including a third-party validator run by the Axie DAO. With those five validators at hand, the hacker unlocked the vault and withdrew 173,600 Ethereum. The attacker “used hacked private keys to forge fake withdrawals” from the Ronin bridge contract in two transactions.

In total, the hacker made off with 173,600 ETH and 25.5 million USDC, valued at more than $620 million at the time of writing. Around 6,250 ether, or $21 million, has since been moved out of the attacker’s wallet address, including several ETH transferred to FTX Exchange, according to Etherscan.

The Ronin Network posted a public notice about the event six days after the hack, disclosing that they already knew about the hack on the same day – a user reported his inability to withdraw 5K ETH from their Bridge.

The company announced that they are increasing the validator threshold from five to eight. Ronin will temporarily pause the Ronin Bridge to ensure no further attack vectors remain open. Also, they are in the process of migrating their nodes, which will separate from their old infrastructure.

Since 2021, crypto cyberattacks and theft have increased. In the third quarter of 2021, the DeFi company, Poly Network, lost over $600 million. In 2018, the Asian crypto company, Coincheck, suffered a theft of more than $500 million, but there was no reimbursement from the criminals.

Effect on the market

$AXS, $RON, and $SLP all tanked on the news. Unsurprisingly, $RON was hit hardest. It is down 20.49% at press time. $AXS and $SLP are not spared too, they are down 7.12% and 8.59% respectively in the last 24 hours, according to data from Coinmarketcap

Apparently, the occurrence is a big blow for the crypto community. Vulnerabilities in blockchain systems would have adverse effects on the trust and credibility attached to the revolutionary technology. It is even more appalling that it took Ronin company a week to publish their “Community alert”. The company also disabled the comment feature on their announcement.

However, it is unlikely to see a major crash following this hack. The crypto market is now more mature than ever, especially with the increasing corporate bodies and institutional adoption.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!