620 million, breaking the record again: technical analysis and capital flow analysis of the Ronin Bridge attack

SharkTeam 2022-04-04 13:13:51

On March 29, Ronin officially announced that the Ronin Bridge had been hacked. The hackers stole 173600 ETH as well as 25.5M USDC, worth about 625 million US dollars at the price at that time.

SharkTeam carried out a technical analysis and a capital flow analysis of this incident at the first opportunity and summarized the security precautions. We hope that subsequent blockchain projects will take this as a warning and help build a security defense line for the blockchain industry.

I. Technical analysis

The attacker's address: 0x098b716b8aaf21512996dc57eb0615e2383e2f96

The funds used to launch the attack came from a Binance wallet account. The funding transaction is:

0xe0669bbaaa12cf5ecc682848ddc373a9b86e1351bccc01092b744099bf52a87d

The attacker's account received a transfer from the Binance wallet account Binance 20; the transfer amount was 1.0569 Ether.

The first attack transaction is as follows:

0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7

In this transaction, the attacker withdrew 172600 Ether from the Ronin Bridge contract.

The second attack transaction is as follows:

0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08

In this transaction, the attacker withdrew 25.5M USDC from the Ronin Bridge contract.

Both attack transactions call the withdrawERC20For function in the Ronin Bridge contract:

![image.png](https://img.learnblockchain.cn/attachments/2022/03/yqcS8OmB62450d9fe6a15.png)

We analyzed the withdrawERC20For function. Withdrawing tokens through this function requires 5 signatures.

The 5 signer accounts are as follows:

0x11360eacdedd59bc433afad4fc8f0417d1fbebab,

0x1a15a5e25811fe1349d636a5053a0e59d53961c9,

0x70bb1fb41c8c42f6ddd53a708e2b82209495e455,

0xb9e59d56fd1632fc250935182bdd5c59188b2302,

0xf224beff587362a88d859e899d0d80c080e1e812

The attacker evidently succeeded in obtaining the signatures of these 5 signer accounts, which is what ultimately allowed the transactions to succeed.

The attack took place on March 23, 2022. According to official Axie Infinity news, the attack was discovered on March 29, after a user reported being unable to withdraw 5k Ether from the bridge.
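The following Python model is an added example, not code from the Ronin Bridge contract or from SharkTeam. It shows why a 5-signature check alone cannot tell stolen keys from legitimate use, and how an independent outflow limit would park an attack-sized withdrawal for review. The 9 validator ids, the bridge balance, the 24-hour window and the 10,000 ETH limit are constructed assumptions.

```python
from dataclasses import dataclass, field

THRESHOLD = 5        # signatures withdrawERC20For requires, per the analysis above
WINDOW = 24 * 3600   # assumed rolling window for the outflow limit (seconds)

@dataclass
class Bridge:
    validators: frozenset   # authorised signer ids (constructed, not Ronin's)
    balance: float          # ETH held by the bridge (constructed figure)
    daily_limit: float      # assumed cap on total outflow per WINDOW
    log: list = field(default_factory=list)   # (time, amount) executed
    held: list = field(default_factory=list)  # parked for manual review

    def quorum_ok(self, signers):
        # `signers` are ids already recovered from valid signatures (assumed
        # done upstream). Duplicates and unknown ids must not count.
        return len(set(signers) & self.validators) >= THRESHOLD

    def withdraw(self, now, amount, signers):
        if not self.quorum_ok(signers) or amount > self.balance:
            return "rejected"
        recent = sum(a for t, a in self.log if now - t < WINDOW)
        if recent + amount > self.daily_limit:
            self.held.append((now, amount))
            return "held"
        self.balance -= amount
        self.log.append((now, amount))
        return "executed"

def demo():
    vals = frozenset(f"val-{i}" for i in range(1, 10))  # constructed 9 ids
    stolen = [f"val-{i}" for i in range(1, 6)]          # five compromised keys
    guarded = Bridge(vals, 200_000.0, daily_limit=10_000.0)
    unguarded = Bridge(vals, 200_000.0, daily_limit=float("inf"))
    return [
        guarded.withdraw(0, 5_000, ["val-1"] * 5),              # one key, repeated
        guarded.withdraw(0, 5_000, stolen[:4] + ["intruder"]),  # unknown signer
        guarded.withdraw(0, 5_000, stolen),                     # ordinary size
        guarded.withdraw(60, 173_600, stolen),                  # attack-sized
        unguarded.withdraw(60, 173_600, stolen),                # no limit in place
    ]

if __name__ == "__main__":
    print(demo())
```

With five valid signers the quorum check passes in every case; only the outflow limit separates the ordinary withdrawal from the attack-sized one.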

II. Capital flow analysis

  1. Initial source of funds

The attacker withdrew 1.0569 ETH from the Binance exchange as the initial funding for this attack.

  2. On-chain fund analysis

Through the Ronin Bridge cross-chain bridge contract, the attacker obtained 173,600 ETH and 25,500,000 USDC.

The attacker transferred the 25,500,000 USDC in five separate transactions to the 0xe708f address and the 0x6656 address, and exchanged it from these addresses for about 8564 ETH. The attacker then transferred 6250 ETH to 5 addresses. The other funds are still in the attacker's wallet address.

  3. Capital flow tracking

The hackers transferred part of the funds to Huobi and FTX: 3750 ETH was transferred to Huobi and 1250 ETH to FTX. In addition, 1 ETH was transferred to a Crypto.com address.

Remaining funds:

| Address | Amount (ETH) |
| --- | --- |
| 0x5b5082214D62585D686850Ab8D9E3f6b6a5c58FF | 1234 |
| 0xa9BFdC186c6Bcf058Fbb5Bf62046D7bC74E96Ce2 | 15 |
| 0x098b716b8aaf21512996dc57eb0615e2383e2f96 (the attacker's address) | 175914 |
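The traced flows can be checked against the remaining-funds table by replaying them as a ledger. This is an added example, not part of the original analysis. The node names are labels chosen here, the five intermediate addresses are pooled into one node because the article does not give the split, and the swapped ETH is assumed to have returned to the attacker's address.

```python
from collections import defaultdict
from decimal import Decimal as D

# (source, destination, ETH), using the figures stated in the article.
TRANSFERS = [
    ("Binance", "attacker", D("1.0569")),       # initial funding
    ("RoninBridge", "attacker", D("173600")),   # ETH taken from the bridge
    ("USDC swap", "attacker", D("8564")),       # approx. ETH from 25.5M USDC
    ("attacker", "intermediates", D("6250")),   # sent on to 5 addresses
    ("intermediates", "Huobi", D("3750")),
    ("intermediates", "FTX", D("1250")),
    ("intermediates", "Crypto.com", D("1")),
]

# Remaining balances reported in the table; the two non-attacker rows are
# treated as belonging to the pooled intermediate addresses (assumption).
REPORTED = {"attacker": D("175914"), "intermediates": D("1234") + D("15")}

def balances(transfers):
    """Replay transfers and return the net ETH position of every node."""
    bal = defaultdict(D)
    for src, dst, amount in transfers:
        bal[src] -= amount
        bal[dst] += amount
    return dict(bal)

def reconcile(transfers, reported, tolerance=D("2")):
    """Return {node: (traced, reported, gap, within_tolerance)}."""
    bal = balances(transfers)
    result = {}
    for node, rep in reported.items():
        gap = bal[node] - rep
        result[node] = (bal[node], rep, gap, abs(gap) <= tolerance)
    return result

if __name__ == "__main__":
    for node, row in reconcile(TRANSFERS, REPORTED).items():
        print(node, *row)
```

The intermediate addresses reconcile exactly at 1249 ETH, while the attacker's address traces to 175915.0569 ETH against 175914 reported, a gap equal to the 1.0569 ETH of initial funding that the article does not itemize.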

The ChainAegis on-chain risk monitoring platform has started real-time dynamic monitoring of the above addresses.

III. Security recommendations

The root cause of this security incident is the insufficient security of Axie Infinity's systems, which allowed the attacker to obtain the signatures of the validator accounts and steal the digital assets in the Bridge contract. We therefore recommend that the Axie Infinity team strengthen the security of its systems.

SharkTeam reminds you to stay vigilant when getting involved in blockchain projects. Choose more stable and more secure public chains and projects that have been through several rounds of audits, and never put your assets at risk and become a hacker's ATM.

As a leading blockchain security service team, SharkTeam provides developers with smart contract audit services. The smart contract audit service consists of manual audit and automatic audit to meet different customer needs, and covers nearly 200 audit items across four aspects: the high-level language layer, the virtual machine layer, the blockchain layer and the business logic layer, to fully protect the security of smart contracts.

Website: https://www.sharkteam.org/

Telegram: https://t.me/sharkteamorg

Twitter: https://twitter.com/sharkteamorg


Copyright notice: this article was created by [SharkTeam]. Please include the original link when reprinting. Thank you. https://netfreeman.com/2022/03/202203311142537765.html