Of all the crypto hacks that have plagued the ecosystem, the Ronin Network hack executed on 23 March 2022 is the largest crypto theft to date and has taken the No. 1 spot on the list.

In this article we take a deep dive into what happened and what steps are being taken to track down the hacker.

Hack value

The Ronin Network was drained of roughly $625 million worth of ETH and USDC. This dealt a heavy blow to the whole Ronin Network and its ecosystem, with multiple exchanges blocking Axie Infinity wallet deposits and withdrawals.

There have been previous hacks where attackers exploited a vulnerability in a bridge's contract code, but this particular hack was executed in quite a different manner. Let me explain…

The Ronin bridge used a 5-of-9 validator scheme: nine validator keys secure the funds locked in the bridge, and any five of them together can authorise a withdrawal. The hacker did not exploit a bug in the bridge contract; they obtained control of five of the nine keys. Four belonged to validator nodes run by Sky Mavis, the developer of Axie Infinity, and were compromised after a social engineering attack; the fifth signature came from the validator run by the Axie DAO.

That fifth signature was obtained through Ronin's "gas-free RPC node": Sky Mavis had been allowlisted to sign on the Axie DAO validator's behalf during a period of heavy user load, and the allowlist access was never revoked once it was no longer needed, which gave the hacker a backdoor to the fifth key.

With five keys in hand, the hacker could forge withdrawals that the bridge accepted as legitimate, without raising any suspicion. The attack went unnoticed for six days before the alarm was raised. Oddly, the AXS price pumped 46.27% while the hack was executed and the funds were being moved (chart below).

A typical bridge hack involves finding a vulnerability in a smart contract that lets the attacker bypass the contract's checks and drain funds. The Ronin Network hack was instead a classic case of stealing the private keys in a multi-key security setup: exactly the kind of attack a retail trader faces when a phishing email from a fake hardware-wallet vendor tricks them into handing over their private keys or seed phrase.
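To make the 5-of-9 mechanism concrete, here is an added Python model of a threshold-validated bridge (example code written for this article, not Ronin's or Sky Mavis's code). It assumes a toy scheme in which each validator "signs" with HMAC-SHA256 over a withdrawal digest and the bridge verifies with the same secret, standing in for the ECDSA signatures a real bridge contract checks; the validator names, the recipient address and the bridge class are hypothetical. The model counts only distinct, known signers and rejects replayed nonces, and the last function shows why five compromised keys clear a 5-of-9 threshold but not the 8-of-9 threshold Ronin moved to afterwards.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Validator:
    """A bridge validator. `secret` stands in for the validator's signing key.

    Assumption for this example: real validators sign with ECDSA and the bridge
    contract recovers the signer's address; here each validator "signs" with
    HMAC-SHA256 over the withdrawal digest and the bridge verifies with the same
    secret. The threshold logic, which is the point, is unchanged.
    """
    name: str
    secret: bytes


def make_validators(n: int = 9) -> list[Validator]:
    return [Validator(f"validator-{i}", secrets.token_bytes(32)) for i in range(n)]


def withdrawal_digest(to: str, token: str, amount: int, nonce: int) -> bytes:
    """Canonical encoding of the withdrawal the validators attest to."""
    return hashlib.sha256(f"{to}|{token}|{amount}|{nonce}".encode()).digest()


def sign(validator: Validator, digest: bytes) -> tuple[str, bytes]:
    """Return (signer name, signature) as a validator node would publish it."""
    return validator.name, hmac.new(validator.secret, digest, "sha256").digest()


class Bridge:
    """Minimal model of a threshold-validated withdrawal bridge (hypothetical)."""

    def __init__(self, validators: list[Validator], threshold: int) -> None:
        self.validators = {v.name: v for v in validators}
        self.threshold = threshold
        self.used_nonces: set[int] = set()

    def count_valid_signers(self, digest: bytes, signatures) -> int:
        """Count distinct known validators whose signature over `digest` verifies."""
        seen: set[str] = set()
        for name, sig in signatures:
            v = self.validators.get(name)
            if v is None or name in seen:
                continue  # unknown signer, or the same key submitted twice
            expected = hmac.new(v.secret, digest, "sha256").digest()
            if hmac.compare_digest(expected, sig):
                seen.add(name)
        return len(seen)

    def withdraw(self, to: str, token: str, amount: int, nonce: int, signatures) -> bool:
        """Release funds only if the signatures reach the threshold and the nonce is fresh."""
        if nonce in self.used_nonces:
            return False  # replay of an already-processed withdrawal
        digest = withdrawal_digest(to, token, amount, nonce)
        if self.count_valid_signers(digest, signatures) < self.threshold:
            return False
        self.used_nonces.add(nonce)
        return True


def forged_withdrawal_passes(compromised: int, threshold: int) -> bool:
    """Attacker controls `compromised` of 9 validator keys; does a forged withdrawal clear?"""
    validators = make_validators(9)
    bridge = Bridge(validators, threshold)
    attacker = "0xattacker"  # placeholder recipient, not a real address
    digest = withdrawal_digest(attacker, "ETH", 173_600, 1)
    signatures = [sign(v, digest) for v in validators[:compromised]]
    return bridge.withdraw(attacker, "ETH", 173_600, 1, signatures)


if __name__ == "__main__":
    print("5 keys vs 5-of-9:", forged_withdrawal_passes(5, 5))  # True: the Ronin scenario
    print("5 keys vs 8-of-9:", forged_withdrawal_passes(5, 8))  # False: after the threshold change
```

The important design point is that the threshold only counts distinct validator keys, so the attacker's path is the one the article describes: collect enough separate keys, not repeat one. Raising the threshold raises the number of independent operators that must be compromised, but it does nothing if several "independent" validators are in fact run, or can be signed for, by the same organisation.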

Flow of Funds

The hack drained 173,600 ETH and 25.5 million USDC from the bridge. The hacker then started moving funds to several centralised exchanges, namely FTX, Huobi and Crypto.com.

Most of the stolen funds are still in the hacker's original wallet. How do we know? That is the beauty of a blockchain: it is a public ledger.

The hacker's original wallet, to which the funds were transferred: 0x098B716B8Aaf21512996dC57EB0615e2383E2f96

The wallet's transaction history shows that it previously held only a very small amount of ETH, which was used to pay gas for the transfers to the exchanges.

The outflow looks like this currently:

  • 1220 ETH moved to an account on FTX
  • 3750 ETH moved to multiple accounts on Huobi
  • 1 ETH moved to a Crypto.com wallet

The hacker's despair

The majority of the funds still sit in the hacker's wallet. With the hack now in the public eye, multiple exchanges tracking the wallet's activity, and some exchanges suspending transfers and withdrawals, the hacker has very slim chances of escaping.

Every wallet's balance and transactions are visible on the public ledger, and that is what makes it possible to follow the movement of the stolen funds. Every transfer out of the main wallet is open to scrutiny, and the receiving wallet address is exposed along with it. The hacker cannot simply lie dormant for five years and wait for the history to reset: it is permanent, and once the wallet address is flagged, any activity from it will surface publicly.

Statement from the Team

Aleksander Larsen, the COO of Axie Infinity, tweeted that the "internal network is currently going through a deep forensics review to ensure there is no lingering threat." He also admitted that it was a "social engineering attack combined with a human error from December 2021" that led to the incident.

The team is currently trying to recover the stolen funds and has committed to reimbursing the users who lost funds in the hack.

Basic lessons from this incident

Firstly, discovering the incident almost a week after it happened reflects very poorly on the team. This was not a loss of 3 or 5 ETH; 173,600 ETH was drained from the network, and someone should have noticed right away.
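The detection gap is the easiest part of this incident to close, because a withdrawal monitor runs off-chain and does not depend on the validators that were compromised. As an added example (not Ronin's tooling), the Python below applies two illustrative rules to a constructed withdrawal log: alert on any single withdrawal above a per-token cap, and alert when the rolling 24-hour outflow of a token crosses a daily cap. The log format, the caps and the small recipient addresses are assumptions made for the example; the large ETH and USDC amounts mirror the figures quoted in the article.

```python
from __future__ import annotations

from collections import deque
from datetime import datetime, timedelta

# Constructed sample withdrawal log (not real Ronin telemetry). One event per line:
# <ISO-8601 UTC timestamp> WITHDRAW to=<address> token=<symbol> amount=<whole units>
SAMPLE_LOG = """\
2022-03-22T09:00:00Z WITHDRAW to=0x1111 token=ETH amount=40
2022-03-22T11:30:00Z WITHDRAW to=0x2222 token=USDC amount=250000
2022-03-23T14:28:00Z WITHDRAW to=0x098B716B8Aaf21512996dC57EB0615e2383E2f96 token=ETH amount=173600
2022-03-23T14:30:00Z WITHDRAW to=0x098B716B8Aaf21512996dC57EB0615e2383E2f96 token=USDC amount=25500000
2022-03-24T08:00:00Z WITHDRAW to=0x3333 token=ETH amount=12
"""

# Illustrative limits, assumed for this example; they are not Ronin's real policy.
PER_TX_CAP = {"ETH": 1_000, "USDC": 2_000_000}
ROLLING_CAP = {"ETH": 5_000, "USDC": 10_000_000}
WINDOW = timedelta(hours=24)


def parse_event(line: str) -> dict:
    """Parse one log line into a dict with a timezone-aware timestamp."""
    ts, kind, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "kind": kind,
        "to": fields["to"],
        "token": fields["token"],
        "amount": int(fields["amount"]),
    }


def detect_anomalies(log_text: str) -> list[tuple[str, str, str, int]]:
    """Return (rule, token, recipient, amount) alerts for the given log, in order."""
    alerts: list[tuple[str, str, str, int]] = []
    windows: dict[str, deque] = {}  # token -> (timestamp, amount) events in the last 24h
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["kind"] != "WITHDRAW":
            continue
        tok, amt = ev["token"], ev["amount"]

        # Rule 1: a single withdrawal larger than the per-transaction cap.
        # An unknown token has no cap configured and therefore always alerts.
        if amt > PER_TX_CAP.get(tok, 0):
            alerts.append(("PER_TX_CAP", tok, ev["to"], amt))

        # Rule 2: rolling 24-hour outflow crosses the cap. Events older than the
        # window are evicted first; the alert fires on the crossing only, so later
        # small withdrawals inside an already-alerted window do not re-alert.
        q = windows.setdefault(tok, deque())
        while q and ev["ts"] - q[0][0] > WINDOW:
            q.popleft()
        before = sum(a for _, a in q)
        q.append((ev["ts"], amt))
        after = before + amt
        if before <= ROLLING_CAP.get(tok, 0) < after:
            alerts.append(("ROLLING_24H_CAP", tok, ev["to"], after))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOG):
        print(alert)
```

On the sample log the two routine withdrawals stay quiet and the two large ones each trigger both rules, which is the signal that should have paged someone within minutes rather than six days later. In practice the rules would read the bridge contract's withdrawal events directly from the chain, and a balance drop that is not matched by legitimate withdrawal records is a third check worth adding.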

The USDC has been moved to various wallets and DeFi protocols, but the ETH is now almost useless to the hacker, since every wallet involved in moving the stolen funds is being blacklisted by the exchanges.

Cross-chain bridges are a boon for scalability and for interoperability between different blockchains, but the same role makes them an attractive target for hackers. Security protocols and practices need to be raised by teams across the board. Ronin has since moved from a 5-of-9 to an 8-of-9 validator threshold and is undergoing major security scrutiny to prevent such an incident from happening again.

Such hacks happen in every sector; we cannot blame crypto alone for them. Even today, banks suffer leaks of confidential customer data, and we have to accept this as part of technology. There will always be bad actors in every ecosystem, digital or real-world.

Start your crypto trading journey with India's safest crypto exchange, CoinDCX, with offerings such as CIP (Crypto Investment Plan), margin trading, multiple pairs, P&L tracking, and easy deposits and withdrawals.

A huge thank you to CoinDCX for giving me the opportunity to be a part of the #CoinDCXpathbreaker program and enabling me to share my knowledge with the crypto community!



Mohnish Isaac Kariappa

I make use of advanced Technical Tools and On-Chain Data to make crypto easy to understand for everyone in the crypto community. #CoinDCXpathbreaker