Skip to content

Ronin Network exploited for 173,600 ETH and 25.5M USDC

  • by
  • 2 min read
Top 7 Bitcoin alternatives every crypto investor should check out

The Ronin network was exploited on March 23 when the Sky Mavis’ Ronin validator nodes and Axie DAO validator nodes were compromised, causing a loss of 173,600 Ethereum and 25.5M USDC in two separate transactions totalling about $625 million. The breach was discovered Tuesday morning after a user couldn’t withdraw 5000 Ethereum from the platform and reported it to the team. 

The platform is working with Chainalysis to monitor the stolen funds and is migrating their nodes, wholly separated from their old infrastructure. The Ronin Bridge has also been temporarily paused to close any open attack vectors. 

As for the users impacted, Ronin has reported that it is in the process of discussing with Axie Infinity (a game based on the Ronin blockchain) and Sky Mavis stakeholders about how to best move forward and ensuring no user funds are lost. They also reported working with “various government agencies” to ensure that perpetrator gets brought to justice.

In the News: Messenger now supports Slack-like commands

Yet another DeFi hack

Five validator private keys were hacked, four from Sky Mavis validators and one from Axie DAO. Five out of the nine validator signatures are needed to complete a withdrawal or deposit on the platform. This scheme is set up to be decentralised to limit attack vectors like these. 

The attacker, however, found a backdoor through the platform’s gas-free RPC node and abused it to get the signature for the Axie DAO validator. After this, the attacker gained access to Sky Mavis systems and was able to get the signature from the Axie DAO validator by using the gas-free RPC. 

Can cryptocurrency replace fiat currency? Why does its value change?

Once the attacker had access to all five keys, they could make withdrawals from the platform quietly without anyone noticing. The company has also confirmed that the signature in the attacker’s withdrawals matches up with the suspected validators. 

Since the Bridge has been temporarily suspended, users can’t withdraw or deposit funds on the platform. However, Sky Mavis is working on ensuring that all the drained funds are either recovered or reimbursed. 

In the News: Yandex is harvesting user data using its mobile SDKs

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: