Fairyproof’s Analysis of the Attack on the Ronin Bridge of Axie Infinity
Ronin, a popular Ethereum sidechain, was attacked on March 23 at 01:29:09 PM UTC.
Here is the basic information about this attack:
The attacker’s address was 0x098b716b8aaf21512996dc57eb0615e2383e2f96 on Ethereum.
The attacked contract was Axie’s Ronin bridge deployed on Ethereum at:
0x1a2a1c938ce3ec39b6d47113c7955baa9dd454f2
The attack transactions can be viewed at:
https://etherscan.io/tx/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7 and
https://etherscan.io/tx/0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08
The ETH used to pay gas for the attack transactions was withdrawn from Binance.
Here is how the attack was carried out:
The attacker compromised Ronin's cross-chain validator infrastructure, which ran on a conventional centralized server, and thereby gained control of 5 of Ronin's 9 validator nodes, enough to manipulate block validation. The attacker then initiated two transactions that drained 173,600 ETH and 25.5 million USDC respectively. The USDC was swapped for ETH right after the attack succeeded. It was not until March 28 that the attacker began transferring the stolen ETH to multiple addresses, including deposit addresses at FTX, Huobi and other exchanges.
The total exploited assets in this attack were valued at around $600 million.
The attack was not detected until six days later, which reveals a weakness in the project's risk controls and monitoring.
The vulnerability exploited in this attack lay in the system that managed the validators' private keys.
Although the team used a scheme intended to decentralize control of those keys, one component of that scheme, the gas-free RPC node, itself contained a backdoor, through which the attacker eventually obtained the signature of the Axie DAO validator and abused the system.
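The two lessons above are that a 5-of-9 signature quorum is only as strong as the custody of those five keys, and that the drain went unnoticed for six days. The following Python is an added example, not Ronin's or Fairyproof's code, of the kind of off-chain withdrawal monitor that would have raised an alert within minutes: it checks the validator quorum the way the bridge does, and independently flags withdrawals that exceed per-transaction and rolling 24-hour caps, because a valid quorum can be assembled from stolen keys. The validator names, cap values and event log are constructed; only the two large amounts are taken from the post.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Constructed stand-ins for the nine Ronin validator keys (not real identities).
VALIDATORS: FrozenSet[str] = frozenset(f"validator-{i}" for i in range(1, 10))
QUORUM = 5  # a 5-of-9 quorum authorises a withdrawal, as in the incident

# Constructed policy values: per-withdrawal and rolling 24h caps per asset.
PER_TX_CAP: Dict[str, float] = {"ETH": 5_000, "USDC": 5_000_000}
WINDOW_CAP: Dict[str, float] = {"ETH": 20_000, "USDC": 20_000_000}
WINDOW_SECONDS = 24 * 3600


@dataclass(frozen=True)
class Withdrawal:
    tx: str                  # transaction id (constructed placeholder)
    ts: int                  # unix timestamp of the withdrawal
    asset: str
    amount: float
    signers: FrozenSet[str]  # validator ids whose signatures accompany it


def has_quorum(w: Withdrawal) -> bool:
    """The bridge's own rule: at least QUORUM distinct, known validators signed.
    It says nothing about whether those keys are still held by their rightful
    operators, which is exactly the gap a key compromise exploits."""
    return len(w.signers & VALIDATORS) >= QUORUM


def audit_withdrawals(events: Iterable[Withdrawal]) -> List[Tuple[str, str]]:
    """Replay withdrawals in time order and return (tx, reason-code) alerts.
    A valid quorum does not silence the monitor: oversized or bursty outflows
    are escalated regardless of signatures."""
    alerts: List[Tuple[str, str]] = []
    history: Dict[str, List[Tuple[int, float]]] = {}
    for w in sorted(events, key=lambda e: e.ts):
        if not has_quorum(w):
            # The bridge contract should reject this; record it anyway.
            alerts.append((w.tx, "NO_QUORUM"))
            continue
        cap = PER_TX_CAP.get(w.asset)
        if cap is not None and w.amount > cap:
            alerts.append((w.tx, "PER_TX_CAP"))
        # Keep only withdrawals of this asset inside the rolling window.
        recent = [(t, a) for t, a in history.get(w.asset, [])
                  if w.ts - t <= WINDOW_SECONDS]
        recent.append((w.ts, w.amount))
        history[w.asset] = recent
        wcap = WINDOW_CAP.get(w.asset)
        if wcap is not None and sum(a for _, a in recent) > wcap:
            alerts.append((w.tx, "WINDOW_CAP"))
    return alerts


FIVE = frozenset(f"validator-{i}" for i in range(1, 6))  # five keys, a full quorum
FOUR = frozenset(f"validator-{i}" for i in range(1, 5))  # one short of quorum

# Constructed event log: one routine withdrawal, then two withdrawals of the
# sizes reported in the post, then a withdrawal lacking a quorum.
SAMPLE_EVENTS = [
    Withdrawal("tx-1", 1_000, "ETH", 10, FIVE),
    Withdrawal("tx-2", 1_100, "ETH", 173_600, FIVE),
    Withdrawal("tx-3", 1_200, "USDC", 25_500_000, FIVE),
    Withdrawal("tx-4", 1_300, "ETH", 5, FOUR),
]


def run_sample() -> List[Tuple[str, str]]:
    return audit_withdrawals(SAMPLE_EVENTS)


if __name__ == "__main__":
    for tx, reason in run_sample():
        print(f"ALERT {tx}: {reason}")
```

On the constructed log, the routine 10 ETH withdrawal passes silently, each of the two attack-sized withdrawals trips both the per-transaction and the rolling-window cap despite carrying a valid quorum, and the final withdrawal is reported for lacking a quorum. The point of the design is that the signature check and the volume check are independent controls, so a compromise of the key-management layer alone does not defeat both.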