Ronin announced the details of the theft: it actually occurred on March 23, and the private keys of five verifiers were stolen

Chain catcher 2022-04-05 01:15:06 阅读数:43

ronin announced details theft actually

source :Ronin Blog

compile : Hu Tao , Chain catcher

Key points

  • Ronin Bridge stolen 173,600 ETH and 2550 ten thousand USDC.
  • Ronin Bridge and Katana Dex Has stopped using .
  • We're working with law enforcement 、 Cryptologists work with investors , To ensure that all funds are recovered or reimbursed .Ronin All the AXS、RON and SLP It's safe now .

Earlier today , We found out 3 month 23 Japan ,Sky Mavis Of Ronin Validator nodes and Axie DAO The verifier node is corrupted , Resulting in two transactions (1 and 2) In the from Ronin Bridged 173,600 An Ethereum and 2550 Thousands of dollars in USDC. The attacker uses the hacked private key to fake cash withdrawal . We reported this morning that users cannot extract from the cross chain bridge 5k ETH Found the attack . 


More information about the attack


Sky Mavis Of Ronin The chain is currently made up of 9 It consists of two verification nodes . To identify deposit events or withdrawal Events , Five of the nine verifiers need to sign . The attacker managed to control Sky Mavis The four one. Ronin Verifier and one by Axie DAO Run a third-party verifier . 

The verifier key scheme is set to decentralized , Therefore, it limits the attack direction similar to this , But the attacker passed through our nothing gas RPC The node found a back door , They abused the back door to get Axie DAO The signature of the verifier .  

It goes back to 2021 year 11 month , at that time Sky Mavis request Axie DAO Help distribute free deals , Because the user load is huge .Axie DAO allow Sky Mavis Sign various transactions on its behalf . This was done on 2021 year 12 Monthly stop , But the permission list access is not revoked . 

Once the attacker gets Sky Mavis Access to the system , They will be able to do this through the use of gas RPC from Axie DAO The verifier gets the signature . 

We have confirmed that the signature in the malicious withdrawal matches five suspicious verifiers .


The actions taken


  1. Once the incident came to light , We acted quickly , And actively take measures to prevent future attacks . To prevent further short-term damage , We will change the verifier threshold from 5 An increase to 8 individual .
  2. We are in contact with the security team of major exchanges , And will contact everyone in the next few days . 
  3. We are migrating our nodes , This is completely separate from our old infrastructure .
  4. We temporarily suspended Ronin Bridge, To ensure that no further attack direction remains open .Binance They are also disabled from Ronin The bridge between , With caution . Once we're sure there's no money to run out of , The bridge will open later . 
  5. Due to the inability to arbitrage and to Ronin Network Deposit more money , We have temporarily disabled Katana DEX. 
  6. We are in contact with Chainalysis Cooperate to monitor stolen funds . 

next step  

We are working directly with various government agencies , To ensure that criminals are brought to justice . 

We are in contact with Axie Infinity / Sky Mavis Stakeholders discuss how best to advance and ensure that there is no financial loss to users . 

Sky Mavis For a long time , And will continue to build . 


Community Q & A


Why is the verifier threshold only 5 individual ?

first ,Sky Mavis I chose 9 Of the three thresholds 5 individual , Because some nodes don't catch up with the chain , Or stuck in sync . Looking forward to the future , The threshold will be eight out of nine . as time goes on , We will expand the set of validators on the accelerated timeline .

Where are the funds now ? 

Most of the stolen funds are still in hackers' wallets :https ://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96

How did this happen ?

We are conducting a thorough investigation . 

Five verifiers' private keys were stolen :4 individual Sky Mavis Verifier and 1 individual Axie DAO.

The verifier key scheme is set to decentralized , To limit the direction of such attacks , But the attacker passed through our nothing gas RPC The node found a back door , They abused the back door to get Axie DAO The signature of the verifier .  

It goes back to 2021 year 11 month , at that time Axie DAO The verifier is included in the list of licenses to distribute free transactions . This was done on 2021 year 12 Monthly stop , but Axie DAO Validator IP Still on the permit list . 

Once the attacker gets Sky Mavis Access to the system , They will be able to do this through the use of gas RPC from Axie DAO The verifier gets the signature . 

We have confirmed that the signature in the malicious withdrawal matches five suspected verifiers .

I use Ronin Is it safe? ?

As we can see ,Ronin Nor can it survive , This attack reinforces priority security 、 The importance of being vigilant and mitigating all threats . We know we need to win trust , And we are using all the resources at our disposal to deploy the most complex security measures and processes , To prevent future attacks . 

Why do we now receive notification of violations ? 

Sky Mavis Team in 3 month 29 Security vulnerabilities were discovered on the th , Previously, it was reported that users could not extract from the cross chain bridge 5000 ETH.

Ronin Are your funds at risk ?

Ronin Upper ETH and USDC All the deposits have been stolen from the bridge contract . We're working with law enforcement 、 Cryptologists work with our investors , To ensure no loss of user funds . This is our top priority now .

Ronin All the AXS、RON and SLP It's safe now .

This is true of Ronin Network What does it mean to have users with funds on ?

Up to now , The user cannot send a message to Ronin Network Withdraw or deposit funds .Sky Mavis Committed to ensuring the recovery or repayment of all exhausted funds .

版权声明:本文为[Chain catcher]所创,转载请带上原文链接,感谢。 https://netfreeman.com/2022/03/202203301645360492.html