How hackers stole $ 600 million from Axie?

How hackers stole $ 600 million from Axie?

31/03/2022
Share

Sky Mavis's low use of validator nodes, lack of decentralized factor, creates an opportunity for hackers to attack and take away more than 600 million USD from the Ronin Network bridge.

The fact that the Ronin Bridge was hacked by hackers and appropriated more than 600 million USD is a big event of the blockchain and security industry in Vietnam. Experts in the domestic blockchain security field pointed out that there are many problems with Axie Infinity's Ronin bridge, making it a target for hackers.

In addition, the security issue of projects built on blockchain is not being properly taken care of, leading to great property damage.

Cause of the hack

On the evening of March 30, Vietnam Blockchain Alliance held a seminar with Vietnamese blockchain and security experts on the topic of the Ronin Network bridge hack.

Discussing the cause of Ronin Bridge being hacked by hackers, Dr. Dang Minh Tuan, Head of Blockchain Lab, Lecturer at the Academy of Posts and Telecommunications Technology, said that Sky Mavis' Ronin Network platform is not open source, so the source code is not open. The available information is relatively limited.

According to Mr. Tuan, Ronin Network transactions use PoA (Proof of Authority) consensus mechanism with 9 nodes (nodes). Accordingly, each transaction on the system will be approved with 5/9 acceptance, providing digital signature.

post bai viet
Hackers attacked Ronin Network's verification nodes.

According to information provided by Ronin Network, the platform is suspecting that hackers have hacked into Sky Mavis's system to gain access to 4 nodes the company holds. The 5th node can be obtained from the Axie DAO, which is authorized by Axie to support the platform when the transaction volume is overloaded.

Ngo Minh Hieu, (Hieu PC), a technical expert at the National Cyber Security and Monitoring Center (NCSC), said that it is too early to determine the exact cause of the hack. because Ronin Network has not released much information. “The problem can come from smart contracts, the system or from insider threats,” Hieu PC shared.

post bai viet2
Sky Mavis uses few verification nodes and lacks decentralization in Ronin Network platform

Meanwhile, Tran Xuan Bac, a security expert at VBI, said that because Ronin Network uses a PoA consensus algorithm with a relatively small number of verifying nodes, with 5/9 to approve the transaction, it is more vulnerable to attacks. Binance's BNB Chain platform and consensus method using 21 nodes. Meanwhile, the PoW (Proof of Work) algorithm of Bitcoin or Ethereum has thousands of nodes.

In addition, the decentralization of Ronin Network is not appreciated by experts. Accordingly, 6 out of 9 verification nodes all belong to Sky Mavis or Axie, so when hackers attack the company, they can take over the transaction confirmation of the entire platform.

Besides, Mr. Bac said that there was also negligence in the security of Sky Mavis. Because the verification authorization for the AxieDAO node has stopped since December 2021 but has not been revoked so far. Adding to this comment, Dr. Dang Minh Tuan from Sky Mavis was late in detecting system errors.

“According to the information I received, a few days after the hacker made a transaction for $ 600 million, a user encountered an error when he could not withdraw a large amount of ETH from Ronin and reported it to the team. Then they checked and discovered the problem," Mr. Tuan shared.

Source: Zing.vn

SIGN UP TO GET NEWS

RELATED NEWS
(MPI) Tại Diễn đàn Thanh niên khởi nghiệp quốc gia năm 2022 diễn ra vào chiều 01/10/2022 với chủ đề “Thanh niên khởi nghiệp cùng đất nước phục hồi và phát triển sau đại dịch”, Thứ trưởng Bộ Kế hoạch và Đầu tư Trần Duy Đông đã tham gia phiên đối thoại chính sách giữa lãnh đạo Chính phủ và Thanh niên; Ký kết chương trình phối hợp giữa Bộ Kế hoạch và Đầu tư và Đoàn TNCS Hồ Chí Minh giai đoạn 2022-2027.
03/10/2022
Dong Thap, September 29, 2022– The National Innovation Center (NIC) in collaboration with the Department of Planning and Investment...
30/09/2022
Hanoi, September 22, 2022, National Innovation Center (NIC), Ministry of Planning and Investment and Visa...
26/09/2022
Vietnam Artificial Intelligence Day 2022 (AI4VN 2022) officially takes place in 02 days from September 22-23, 2022. This is the second time...
25/09/2022

CONTACT

Fill out the form below and our team will be happy to assist you

Communications

Phone: 08044838 / Email: info@nic.gov.vn

Business hours

Monday - Friday, 9am - 5pm
Weekend – Closed

Address

6B Hoang Dieu, Ba Dinh District, Hanoi