For quite some time now, multi-chain or Çapraz zincir technology has become a holy grail in the cryptocurrency development space. People want to transact with other blockchains by leveraging bridges to different ecosystems. For example, Ethereum co-founder and developer Vitalik Butterin tweeted a link to a Reddit post on 8 January, 2022.
He discussed his belief in a multi-chain future but expressed doubt concerning cross-chain ecosystems. In his argument, Buterin atıf the “fundamental security limits of bridges” as the key reason for his disapproval of a cross-chain environment.
Although, he didn’t expect hiccups to arise any time soon. But note this – as the volume of cryptocurrency held in bridges grew, the incentive to attack them too.
Since then, hackers have tehlikeye more than $1B despite such warnings.
Look away, Vitalik
Ronin Ağı, Bir Ethereum-based sidechain tarafından yaratıldı Axie Sonsuzluk geliştirici Gökyüzü Mavis is trending for the wrong reason. Hackers stole nearly $600 million worth of Ethereum & USDC tokens from the Ronin Bridge that connected different blockchains.
tarafından yayınlanan bir blog yazısına göre the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.
Ronin Ağında bir güvenlik ihlali oldu.https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) 29 Mart, 2022
Bir yetkiliye göre ifade on Tuesday, the attacker “used hacked private keys to forge fake withdrawals” from the Ronin bridge contract in two transactions. Per the blog post, the Ronin sidechain consisted of nine validator nodes.
Five out of the nine validator signatures are required to process a deposit or withdrawal. Indeed, done to prevent hacks of this nature. (For context, Ethereum has around 300,000 validators, while Solana has closer to 1,000)
However, the blog post added:
“The attacker found a backdoor through our gas-free RPC node. They abused to get the signature for the Axie DAO validator.”
The Ronin bridge and Katana Dex got durduruldu after suffering an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Para Birimi (USDC). At press time, it would be worth a combined $612 million.
Tüm fonların geri alındığından veya geri ödendiğinden emin olmak için kolluk kuvvetleri yetkilileri, adli kriptograflar ve yatırımcılarımızla birlikte çalışıyoruz. Ronin'deki tüm AXS, RON ve SLP şu anda güvende.
— Ronin (@Ronin_Network) 29 Mart, 2022
Just a headstart?
Now, here are some interesting insights into this heist. The said exploit took place on 23 March, only discovered a week later, when one user failed to withdraw 5,000 ETH.
Around 6,250 ether, or $21 million moved out of the attacker’s wallet address, including several ETH transferred to FTX Exchange, according to etherscan.
Imagine stealing 600 million 6 days ago and depositing money on @FTX_Officialhttps://t.co/nYWYC1jJ1J pic.twitter.com/YGzr7uyk5Q
- Igor Igamberdiev (@FrankResearcher) 29 Mart, 2022
Ahead of the exploit, the same wallet interacted with Binance, and other wallets connected to the hacker have since made deposits to FTX ve Crypto.com. Başına Wu Blok Zinciri, the latest exodus took place as follows:
At 5:11:46 PM UTC on March 29, a total of 3750 ETH was transferred from three Ronin Bridge hacker address wallets into Huobi. The Ronin Bridge hack rarely intersects with many centralized exchange addresses. Previously transferred to FTX. https://t.co/T8OY9VKWeP
- Wu Blockchain (@WuBlockchain) Instagram Profilini Görüntüle 30 Mart, 2022
Sonraki adımlar
The Ronin team said it had increased the minimum number of validator signatures required for a deposit or withdrawal to eight in response to the incident. Different platforms had showcased support for the affected protocol post suffering this massacre. For instance, Binance’s CEO tweeted:
Ekibimiz, bu sorunun izlenmesinde yardım sağlayan AxieInfinity ekibiyle temas halindedir. https://t.co/pNU4wwrCAq
-ÇZ? Binance (@cz_binance) 29 Mart, 2022
Major damage: Fiyatı RON, a token used on the Ronin blockchain, dropped about 22% after the hack. AXS, a token used in Axie Infinity, fell around 10.5% simultaneously. Başına göre Bloomberg’s data, this hack stood at number two in terms of crypto hacks (valuation).
At the time of publication, most of the hacked funds are still sitting inside the attacker’s cüzdan.
Source: https://ambcrypto.com/ronins-612-million-hack-exposes-these-vulnerabilities-of-cross-chain-bridges/