
How hackers stole $ 600 million from Axie Infinity

Hackers exploit the Ronin network, which has low decentralization, hijacking authentication keys to make transactions.

According to security experts, building a private sidechain called Ronin is one of the factors behind Axie Infinity’s strong growth in recent years. However, the network’s validation system was also a weak point and was the main cause of the March 23 attack, which cost the network hundreds of millions of dollars.

Graphics in Axie Infinity. Photo: Sky Mavis

Why did Sky Mavis build Ronin?

According to Ars Technica, when it was first built, Axie Infinity ran directly on the Ethereum blockchain. However, Ethereum has high transaction fees and slow transaction speeds, which gradually became a barrier to the game’s growth as its number of users increased.

To solve that problem, in 2020 Sky Mavis started using a private blockchain running parallel to the main chain (a sidechain) to avoid paying Ethereum “gas” fees on in-game transactions. Initially, Sky Mavis used a sidechain from its third-party partner, Loom Networks. By March 2020, the company announced that it would stop using Loom and introduced its self-developed sidechain, Ronin.

Unlike Ethereum’s PoW (proof-of-work) mechanism, which uses the entire distributed network to validate transactions, Ronin operates on a PoA (proof-of-authority) mechanism, in which a small set of carefully selected nodes validates transactions. Another option is to bridge in-game assets between Ronin and Ethereum through exchanges such as Binance or Katana. However, going through an external exchange adds steps and costs when transactions are large.

Ronin uses nine validator nodes, and in practice the system has only required validation from 5 of these 9 nodes to complete a transaction. Using a small number of nodes is the key to helping Sky Mavis handle high transaction volumes at a far lower cost than the vast Ethereum network, experts say. But it also means the network is only weakly decentralized, since the right to validate rests with a handful of nodes.

This made it easier for hackers to take control of the nodes and push through unauthorized transactions.

At many points, the number of transactions Ronin handles is higher than that of the Ethereum network. Photo: Nansen Research

Attack

In the Ronin Network report, the development team said it is “in the process of thoroughly investigating” to identify the issue. The team also admitted that five validator private keys were compromised. Notably, four of these five keys are controlled by the parent company, Sky Mavis.

The fifth key belongs to the Axie DAO, a decentralized organization. However, the hacker also managed to use this key through Sky Mavis itself, via a backdoor in the system. Earlier, in November 2021, because of rapid user growth, Sky Mavis had requested the right to validate transactions on behalf of the Axie DAO. That arrangement was discontinued in December, but the right was never revoked.

With these five validator keys, an attacker can produce enough validating signatures for any transaction they want on the system, resulting in fraudulent transactions.
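The following model, added here as an illustration and not code from Sky Mavis or Ronin, shows why the unrevoked delegation mattered: with a 5-of-9 threshold, the four Sky Mavis keys alone fall short, but one of them still carrying the Axie DAO’s signing right covers a fifth slot. Validator ids, the delegation API and the choice of which key held the delegation are constructed for the example.

```python
class ValidatorSet:
    """PoA validator set with m-of-n approval and delegated signing rights (constructed model)."""

    def __init__(self, validators, threshold):
        self.validators = set(validators)
        self.threshold = threshold
        self.delegations = {}  # delegate key holder -> set of validators it may sign for

    def delegate(self, principal, delegate):
        """Let `delegate` sign in place of validator `principal`."""
        self.delegations.setdefault(delegate, set()).add(principal)

    def revoke(self, principal, delegate):
        """Withdraw the delegation; the fix the article says was never applied."""
        self.delegations.get(delegate, set()).discard(principal)

    def slots_for(self, key_holder):
        """Validator slots one key holder can fill: its own slot plus unrevoked delegations."""
        own = {key_holder} if key_holder in self.validators else set()
        return own | self.delegations.get(key_holder, set())

    def approve(self, signers):
        """Return (approved, distinct validator slots covered by the given key holders)."""
        covered = set()
        for signer in signers:
            covered |= self.slots_for(signer)
        return len(covered) >= self.threshold, len(covered)


def build_ronin_like():
    """Nine validators, five required, as described in the article; ids are constructed."""
    sky_mavis = [f"skymavis-{i}" for i in range(1, 5)]
    others = ["axie-dao"] + [f"partner-{i}" for i in range(1, 5)]
    return ValidatorSet(sky_mavis + others, threshold=5), sky_mavis


def compromise_outcome(revoked):
    """Outcome when only the four Sky Mavis keys are compromised, with the DAO
    delegation either left in place (as happened) or revoked after use ended."""
    vs, sky_mavis = build_ronin_like()
    vs.delegate("axie-dao", "skymavis-1")  # Nov 2021: DAO lets Sky Mavis sign for it
    if revoked:
        vs.revoke("axie-dao", "skymavis-1")  # Dec 2021: what should have followed
    return vs.approve(sky_mavis)


if __name__ == "__main__":
    print("delegation left in place:", compromise_outcome(revoked=False))  # (True, 5)
    print("delegation revoked:      ", compromise_outcome(revoked=True))   # (False, 4)
```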

Another problem researchers point to is the Ronin system’s inability to detect anomalous transactions. If the team’s account is accurate, the attack took place on March 23 but was only discovered on March 29, almost a week later, after a user reported being unable to withdraw funds.

“For six days, no one detected illegal money transfers,” asked Wilfred Daye of Securifying Capital.
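A minimal withdrawal monitor of the kind the passage above says was missing, added here as an example and not part of the article or of Ronin’s tooling. The withdrawal log and the bridge balances are constructed; only the two large amounts are taken from the article’s figures, and the thresholds are assumptions.

```python
from statistics import median

# Constructed bridge withdrawal log: (day, asset, amount). Days 1-3 are a quiet
# baseline; day 4 carries the two transfers the article reports.
WITHDRAWALS = [
    (1, "ETH", 120.0), (1, "USDC", 50_000.0),
    (2, "ETH", 95.0), (2, "USDC", 80_000.0),
    (3, "ETH", 140.0),
    (4, "ETH", 173_600.0), (4, "USDC", 25_500_000.0),
]

# Constructed amounts held by the bridge contract per asset (assumption).
LOCKED = {"ETH": 200_000.0, "USDC": 30_000_000.0}


def alerts(withdrawals, locked, spike=10.0, drain_share=0.10):
    """Flag a withdrawal that is more than `spike` times the trailing per-asset
    median, or that removes more than `drain_share` of what the bridge holds.
    Returns a list of (day, asset, amount, reasons)."""
    history = {}
    flagged = []
    for day, asset, amount in withdrawals:
        prior = history.setdefault(asset, [])
        reasons = []
        if prior and amount > spike * median(prior):
            reasons.append("spike")          # far outside normal user behaviour
        if amount > drain_share * locked.get(asset, float("inf")):
            reasons.append("drain")          # single transfer empties the bridge
        if reasons:
            flagged.append((day, asset, amount, reasons))
        prior.append(amount)
    return flagged


if __name__ == "__main__":
    for day, asset, amount, reasons in alerts(WITHDRAWALS, LOCKED):
        print(f"day {day}: {amount:,.0f} {asset} -> {', '.join(reasons)}")
```

Either rule alone fires on both day-4 transfers; a page or on-call alert here would have surfaced the incident on the day it happened rather than six days later.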

In a new announcement on the morning of March 30, Sky Mavis said it was working with parties such as Chainalysis and CrowdStrike to track the stolen funds and set up monitoring tools. The company also confirmed that the attack was carried out from outside, ruling out insiders. In addition, “the evidence also indicates that this is a social attack technique rather than a technical flaw,” the Ronin team said.

After taking the funds, including 173,600 Ether and 25.5 million USDC, the hacker transferred some of the stolen money to centralized exchanges such as Huobi and FTX. According to experts, this could be a lead for identifying the culprit, because these exchanges all require KYC for large transactions.

Sky Mavis said it is working with law enforcement, cryptocurrency investigators and investors to ensure all funds are recovered or refunded. “All AXS, RON and SLP coins on Ronin are safe,” the Ronin Network announced.

Luu Quy (according to Arstechnica, Bloomberg)


You are reading the article How hackers stole $ 600 million from Axie Infinity
at Blogtuan.info – Source: vnexpress.net – Read the original article here