
How The $600M Ethereum Ronin Bridge Hack Was Exposed 6 Days Later

by GentrySTACK
March 29, 2022

The Ethereum-based bridge Ronin was hacked for $600 million in digital assets, or 173,600 ETH and $25 million in USDC. This attack has become the largest in the history of decentralized finance (DeFi), surpassing the Poly Network hack, which also exploited a bridge-rooted vulnerability.

The team behind Ronin posted a preliminary analysis of the attack and the security measures they took to prevent further losses. According to the post, trading activity across the decentralized exchange (DEX) Katana and Ronin has been halted.

In addition, Ronin said they are currently working with law enforcement officials and other experts to make sure all funds are “recovered or reimbursed”. Funds in AXS, RON, and SLP on the bridge remain secure, as the post clarified.

Bad actors exploited a vulnerability in a series of Ronin validators and an Axie DAO validator, which enabled them to steal the funds. These were drained from the bridge solution in two transactions. The report added:

The attacker used hacked private keys in order to forge fake withdrawals. We discovered the attack this morning after a report from a user being unable to withdraw 5k ETH from the bridge.

As the post continued, the bad actors managed to take possession of a private key via validators controlled by Sky Mavis and the Axie DAO. The latter was compromised by “abusing” the gas-free RPC node from the Ethereum cross-chain solution.

The Sky Mavis validators had been cleared to sign Axie DAO transactions as part of a previous cooperation. This provided the bad actors with an additional attack point. The post added:

Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator by using the gas-free RPC. We have confirmed that the signature in the malicious withdrawals match up with the five suspected validators.

Ethereum Bridge Hacker Used KYC Exchange

Ronin has increased its validator threshold for transactions from five to eight. This should prevent the short-term risk of further attacks.

The solution will migrate its nodes and will keep its bridge paused across multiple platforms. The bridge will be re-opened when “we are certain no funds can be drained”.

The team behind Ronin will work with on-chain analysis firm Chainalysis to track and monitor the stolen funds. Most importantly, they are talking with Centralized Exchanges (CEX) to block the addresses related to the bad actors.

However, because it took almost a week to discover the hack, the bad actors could have moved a portion of the funds to crypto exchanges FTX and Crypto.com. Sam Bankman-Fried, CEO at FTX, confirmed they are currently investigating, and they will take measures “if/where appropriate”.

Kelvin Fichter, a developer at Optimistic Ethereum, a scalability solution, commented on the hack after reviewing the report. Fichter believes that Sky Mavis running multiple Ronin nodes was a mistake, and pointed out the difference between this and other hacks:

This is very different from previous bridge hacks where the root cause was a smart contract bug. This is a much more “classical” hack of private keys in a multi-key security setup (…). I think the most fundamental error here was the reliance on validator-based bridges. The Ronin Bridge has a fundamental assumption that a majority of keys cannot be compromised. Clearly this assumption was broken.

Ronin also had a “minimal monitoring and alerting” system which gave the bad actors a head start. This gives the Ronin team a “bad look” but could be used as a security warning for similar solutions.

So some basic takeaways for now:
1. Validator bridges can work IF you have the engineering practices to maintain your security assumptions. This is not trivial.
2. Trust-minimized bridges are harder to build up-front but can be easier to secure down the line.

— smartcontracts 🔴✨ (@kelvinfichter) March 29, 2022
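
To make the majority-of-keys assumption concrete, here is an added example (not code from the Ronin report, Fichter, or the original article) that computes the fewest independent operators that must be compromised to reach a signing threshold, counting standing signing delegations such as the one described above. The validator set, operator names and delegation are constructed for illustration and are assumptions, not Ronin's real configuration.

```python
from itertools import combinations

# Constructed validator set for illustration (not Ronin's real configuration):
# validator key id -> operator that runs it.
VALIDATORS = {
    "v1": "operator-a", "v2": "operator-a", "v3": "operator-a", "v4": "operator-a",
    "v5": "operator-b", "v6": "operator-c", "v7": "operator-d",
    "v8": "operator-e", "v9": "operator-f",
}

# Standing delegations (constructed): operator -> other operators' validator keys
# whose signature it can obtain without compromising that operator directly.
DELEGATIONS = {"operator-a": {"v5"}}


def reachable_keys(compromised_ops, validators, delegations):
    """Keys an attacker can sign with after compromising the given operators."""
    keys = {v for v, op in validators.items() if op in compromised_ops}
    for op in compromised_ops:
        keys |= delegations.get(op, set())
    return keys


def min_operators_to_reach(threshold, validators, delegations):
    """Smallest set of operators whose compromise yields >= threshold signatures."""
    operators = sorted(set(validators.values()))
    for size in range(1, len(operators) + 1):
        for combo in combinations(operators, size):
            if len(reachable_keys(set(combo), validators, delegations)) >= threshold:
                return size, combo
    return None  # threshold exceeds the number of keys in the set


def audit(threshold, validators, delegations, min_independent):
    """True if reaching the threshold needs at least min_independent operators."""
    result = min_operators_to_reach(threshold, validators, delegations)
    return result is None or result[0] >= min_independent


if __name__ == "__main__":
    # Compare the two thresholds the article mentions, with and without delegation.
    for threshold in (5, 8):
        for name, deleg in (("with delegation", DELEGATIONS), ("no delegation", {})):
            size, ops = min_operators_to_reach(threshold, VALIDATORS, deleg)
            print(f"threshold={threshold} {name}: {size} operator(s) {ops}")
```

The nominal threshold counts keys, while the effective security margin is the number of independent operators behind those keys; an audit like this is worth rerunning whenever a validator or delegation is added.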

As of press time, Ethereum (ETH) trades at $3,400 with a 17% profit in the last week.

ETH with bullish momentum on the daily chart. Source: ETHUSD Tradingview