Ronin Network, an Ethereum-based sidechain created by Axie Infinity developer Sky Mavis to support its popular NFT-based game, was exploited by an unknown hacker and lost roughly $625 million worth of crypto on Tuesday. It may be the largest exploit in DeFi history.
The Ronin Network published a blog post explaining how its network was exploited for 173,600 ETH and 25.5 million USDC, and said the exploit impacted the Ronin Network validator nodes for Sky Mavis.
It said it has since halted transactions on its Ronin Bridge and Katana DEX servers.
“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed,” Ronin Network wrote. “The attacker used hacked private keys in order to forge fake withdrawals.”
This makes it the largest crypto theft on record, according to blockchain analysis firm Elliptic.
Ronin is used to power the popular online game Axie Infinity, which uses non-fungible tokens (NFTs) and is the biggest NFT collection by all-time sales volume, according to NFT market tracker CryptoSlam.
According to Reuters, Ronin had discovered the hack on Tuesday. “We are working directly with various government agencies to ensure the criminals get brought to justice,” it said, adding that it was discussing with Axie Infinity how to ensure no users’ funds were lost.
Ronin’s users are unable to withdraw or deposit funds on the network, it said.
Ronin told Reuters it was working with major blockchain tracker Chainalysis to trace the stolen funds. Most of the funds are still in the hacker’s digital wallet, Ronin said.
The native token of the Ronin network, RON, is down more than 22% on the news.
“Bridges are very hard to get right, and the attack surface is significantly greater than in normal DeFi projects,” said Adrian Hetman of Immunefi, a bug bounty and security services platform for the Web3 industry.
Hetman told CNBC that bridges are “still an area of development,” and the industry hasn’t yet established best practices for their use.
Vitalik Buterin, the creator of Ethereum, previously suggested that bridges won’t be around much longer in crypto, in part because there are “fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty.’”
Last August, crypto hackers stole over $600 million from cross-chain protocol Poly Network, which was called the largest crypto heist in history. However, most of the stolen funds were eventually returned.