SharkTeam 2022-04-04 13:13:51
On March 29, Ronin officially announced that the Ronin Bridge had been hacked: hackers stole 173600 ETH as well as 25.5M USDC, worth about 625 million US dollars at the price at that time.
SharkTeam carried out a technical analysis and a fund flow analysis of this incident at the first opportunity and summarizes security precautions, in the hope that future blockchain projects will take this as a warning and help build a security defense line for the blockchain industry.
The attacker's address: 0x098b716b8aaf21512996dc57eb0615e2383e2f96
The transaction that launched the attack is as follows:
The funds for launching the attack came from a Binance wallet account. The transaction is:
The attacker's account received a transfer from the Binance wallet account "Binance 20"; the transfer amount was 1.0569 Ether.
The first attack transaction is as follows:
0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7
In this transaction, the attacker withdrew 172600 Ether from the Ronin Bridge contract.
The second attack transaction is as follows:
In this transaction, the attacker withdrew 25.5M USDC from the Ronin Bridge contract.
Both attack transactions call the withdrawERC20For function in the Ronin Bridge contract:
![image.png](https://img.learnblockchain.cn/attachments/2022/03/yqcS8OmB62450d9fe6a15.png)
We analyzed the withdrawERC20For function. When withdrawing tokens, this function requires 5 signatures:
The 5 signer accounts are as follows:
The attacker evidently succeeded in obtaining the signatures of these 5 signer accounts, which is the only way the transactions could have succeeded.
The attack took place on March 23, 2022. According to Axie Infinity's official announcement, the attack was discovered on March 29, after a user reported being unable to withdraw 5k Ether from the bridge.
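The attack on March 23 went unnoticed until a user report on March 29; an outflow monitor on the bridge is one way to shorten that gap. The following is an added example, not code from SharkTeam, Ronin or Axie Infinity: the policy thresholds, reserve figures, ordinary withdrawals and function names are assumptions, while the attacker address and the two large amounts are taken from this article.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumed policy (hypothetical values, not Ronin's): hard cap per withdrawal
# and the largest share of reserves allowed to leave within 24 hours.
POLICY = {
    "ETH":  {"single_cap": Decimal("5000"),    "window_share": Decimal("0.10")},
    "USDC": {"single_cap": Decimal("2000000"), "window_share": Decimal("0.10")},
}
WINDOW_SECONDS = 24 * 3600

@dataclass(frozen=True)
class Withdrawal:
    ts: int          # unix time of the bridge withdrawal
    token: str
    amount: Decimal
    recipient: str

def review_withdrawals(events, reserves):
    """Return [(withdrawal, reasons)] per breach; reserves maps token -> balance."""
    alerts, history = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        rule, reasons = POLICY[ev.token], []
        seen = history.setdefault(ev.token, [])
        # Include earlier withdrawals in the window so split outflows are caught.
        window_total = ev.amount + sum(
            (w.amount for w in seen if ev.ts - w.ts < WINDOW_SECONDS), Decimal(0))
        if ev.amount > rule["single_cap"]:
            reasons.append("single withdrawal above cap")
        if window_total > rule["window_share"] * reserves[ev.token]:
            reasons.append("24h outflow above reserve share")
        seen.append(ev)
        if reasons:
            alerts.append((ev, reasons))
    return alerts

ATTACKER = "0x098b716b8aaf21512996dc57eb0615e2383e2f96"  # address from the article
T0 = 1647993600  # 2022-03-23 00:00 UTC; times of day below are constructed
# Constructed reserves and user traffic; the two large amounts are the article's.
RESERVES = {"ETH": Decimal("180000"), "USDC": Decimal("30000000")}
SAMPLE = [
    Withdrawal(T0 + 600, "ETH", Decimal("12"), "0xuser1"),
    Withdrawal(T0 + 4200, "USDC", Decimal("1500"), "0xuser2"),
    Withdrawal(T0 + 9000, "ETH", Decimal("172600"), ATTACKER),
    Withdrawal(T0 + 9300, "USDC", Decimal("25500000"), ATTACKER),
]

for ev, reasons in review_withdrawals(SAMPLE, RESERVES):
    print(ev.ts, ev.token, ev.amount, ev.recipient, "; ".join(reasons))
```

The sliding-window check matters as much as the per-withdrawal cap: an outflow split into pieces that each stay under the cap is still flagged once the pieces together exceed the allowed share of reserves.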
The attacker withdrew 1.0569 ETH from the Binance exchange as the initial funding for this attack.
Through the Ronin Bridge cross-chain bridge contract, the attacker obtained 173,600 ETH and 25,500,000 USDC.
The attacker transferred the 25,500,000 USDC in five separate transactions to the 0xe708f address and the 0x6656 address, and exchanged it there for about 8564 ETH. The attacker then transferred 6250 ETH to 5 addresses; the remaining funds are still in the attacker's wallet address.
The hacker transferred part of the funds to Huobi and FTX: 3750 ETH went to Huobi and 1250 ETH went to FTX. In addition, 1 ETH was transferred to a Crypto.com address.
Remaining funds:
| Address | Amount (ETH) |
| --- | --- |
| 0x098b716b8aaf21512996dc57eb0615e2383e2f96 (the attacker's address) | 175914 |
The ChainAegis on-chain risk monitoring platform has started real-time dynamic monitoring of the above address:
The root cause of this security incident is insufficient security in Axie Infinity's systems, which allowed the attacker to obtain the signatures of the validator accounts and steal the digital assets held in the Bridge contract. We therefore recommend that the Axie Infinity team strengthen the security of its systems.
SharkTeam reminds you to stay vigilant when getting involved in blockchain projects: choose public chains and projects that are more stable, more secure, and have been through several rounds of audits. Never put your assets at risk and become a hacker's ATM.
As a leading blockchain security service team, SharkTeam provides developers with smart contract audit services. The audit service combines manual and automated auditing to meet different customer needs, and its exclusive implementation covers nearly 200 audit items across four areas: the high-level language layer, the virtual machine layer, the blockchain layer, and the business logic layer, to fully protect the security of smart contracts.