Hackers stole cryptocurrency worth $600 million from a blockchain network used by players of the popular online game Axie Infinity in one of the biggest crypto heists.
Ronin Network, which faced the security breach on March 23, said computer nodes operated by Axie Infinity maker Sky Mavis and Axie DAO were compromised resulting in 173,600 ethereum and 25.5 million USD Coin being removed by unidentified hackers.
The attacker used hacked private keys in order to forge fake withdrawals, Ronin Network wrote in its newsletter post. The digital ledger discovered the attack on March 29 after a user failed to withdraw 5,000 ether.
Most of the hacked funds are still in the hacker's wallet, Ronin Network said, adding that it is working with law enforcement officials, forensic cryptographers, and its investors to make sure all funds are recovered or reimbursed.
The heist was valued at about $615 million at current prices, making it one of largest thefts ever in the crypto world.
"We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks," Ronin said, adding that it has halted the Ronin bridge that allows for transfers in and out of the network.
"Ronin is not immune to exploitation and this attack has reinforced the importance of prioritising security, remaining vigilant, and mitigating all threats," the digital ledger said. "We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks."
Highlighting how the attack happened, Ronin said, "Sky Mavis' Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis's four Ronin Validators and a third-party validator run by Axie DAO."
In order to prevent further short-term damage, Ronin said it would increase the "validator threshold" needed to approve transactions from five to eight, out of a total of nine validators.
"We are in touch with security teams at major exchanges and will be reaching out to all in the coming days," it said.
The network said it is working directly with various government agencies to ensure the criminals are brought to justice. "We are in the process of discussing with Axie Infinity / Sky Mavis stakeholders about how to best move forward and ensure no users' funds are lost," it added.