Ronin Network, an Ethereum sidechain used for the blockchain game Axie Infinity, was exploited for ~$600 million, or 173,600 ETH and 25.5 million USDC, at the time of writing.
The Ronin team explained:
"Five validator private keys were hacked; 4 Sky Mavis validators and 1 Axie DAO. The validator key scheme is set up to be decentralized so that it limits an attack vector such as this, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator. This traces back to November 2021 when the Axie DAO validator was allowlisted to distribute free transactions. This was discontinued in December 2021, but the Axie DAO validator IP was still on the allowlist."
The most frightening thing about the hack is not its size, but rather how long it took to be noticed. The Ronin team spotted the hack 6 days after it initially occurred!
Per Etherscan, all stolen ETH and USDC have been transferred to various wallets, DeFi protocols, and centralized exchanges (FTX and Crypto.com).
After the hack was reported, the decentralized credit scoring and lending protocol RociFi tweeted that it had previously tagged the hacker’s addresses as high fraud risk.
RociFi recently launched an initiative to drive fraudulent actors out of DeFi by giving away its fraud analytics dashboard to DeFi users for free. Users will now have the ability to screen contracts and addresses before interacting with them.
The persistent DeFi exploits have split the community: some note bearishness for the future of the industry, while others highlight the benefits of DeFi’s self-governance and the limitations on laundering large amounts of crypto.
Despite the continued ‘black eyes’ of hacks and scams in DeFi, the industry has made remarkable strides in its short existence. No one knows the future, but DeFi is likely to become more resilient in the long term due to monumental hacks like this one.