The Ronin bridge and Katana Dex have been blocked after an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), worth a combined $612 million at Tuesday's pricing, according to Axie Infinity's official Discord and Ronin Network's official Twitter thread, as well as its Substack website.
Its creators stated in a statement that they are "To ensure that all monies are recovered or refunded, we are actively working with law enforcement officials, forensic cryptographers, and our investors. Right now, all of Ronin's AXS, RON, and SLP tokens are safe."
The attacker utilized compromised private keys to fabricate bogus withdrawals, emptying the cash from the Ronin bridge in just two transactions, according to Ronin developers.
More crucially, the attack happened on March 23, but it was only detected on Tuesday because a user allegedly discovered problems after failing to withdraw 5,000 ETH from the Ronin bridge.
RON, Ronin's primary governance token, has dropped over 20% in the last hour to $1.88 at the time of posting.
More so, Sky Mavis' Ronin chain presently has nine validator nodes, and a deposit or withdrawal event requires at least five signatures to be recognized.
Sky Mavis's four Ronin validators and a third-party validator run by Axie Decentralized Autonomous Organization, or DAO, were among the five private keys obtained by the attacker. It took a long time to obtain unauthorized access to the latter.
In addition, Sky Mavis, the creator of the Axie Infinity and Ronin ecosystems, approached the Axie DAO in November, requesting assistance in distributing free transactions due to an increase in the number of users.
Note that Sky Mavis was whitelisted by the Axie DAO to sign transactions on its behalf, but the process was ended in December. Access to the whitelist, on the other hand, was not revoked.
The attacker secured the last signature from the Axie DAO validator after gaining access to Sky Mavis systems, completing the node threshold required for the unlawful siphoning of cash from Ronin.
The majority of the hacked cash are still in the attacker's wallet at the time of writing.