Takeaways
- Chainalysis says blockchain transparency is a barrier to large-scale cryptocurrency fraud.
- Axie infinity’s co-founder Aleksander Leonard Larson announced on Twitter Wednesday that the Ronin Network would receive several new validators.
Cashing out funds for the hacker that exploited Ronin Network and made approximately $625 million will be difficult.
Last week someone or a group attacked the Ethereum-linked sidechain that is used by blockchain game Axie infinity and stole 173,600 Ethereums (ether) as well as 25.5 millions USDC.
A statement on Tuesday said that the exploiter had used private keys hacked to forge withdrawals from March 23. Nearly a week after the breach, a user who was unable withdraw 5,000 Ethereum was alerted to it.
William Quigley is the co-founder and blockchain developer of WAX, which runs non-fungible token (NFT) platform WAX. He says that hackers tried to transfer 6,500 ETH stolen to three exchanges. Etherscan shows that all of the USDC stolen has been sent to different wallets, and protocols using DeFi.
According to the network, the majority of funds are still in the wallets of hackers. Aleksander Leonard Larson tweeted on Wednesday, that Axie Infinity is dedicated to making sure all the funds that were drained are reimbursed or recovered.
“Been an intense 36 hours,” Larson tweeted. “Our internal network is currently going through a deep forensics review to ensure there is no lingering threat.”
Quigley said Blockworks that selling the remaining 176,000 ETH would be difficult. He added that the exchange had blacklisted the address.
“Sky Mavis has also retained Chainalysis to ensure that any of the stolen ETH moved from this Ethereum address will be tracked,” “He said” “It doesn’t seem like the hacker will have much luck cashing out.”
Kim Grauer is Chainalysis’ director of research. He said the Poly Network attack in August, and its subsequent return of money, showed how difficult it was to pull off large-scale crypto thefts.
The criminally acquired fiat currencies can be transferred through “shady bank accounts” — and authorities rely on subpoenas and the cooperation of financial institutions to trace its path — Grauer said anyone can view transactions executed on public blockchains.
“With the inherent transparency of blockchains and the eyes of an entire industry on them, it’s difficult for any cryptocurrency hacker to escape with a large cache of stolen funds,” Grauer said. “In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet.”
What happened and what will happen next?
According to Chainalysis’ February report, illicit crypto transactions totaled $14 billion in 2018. While this marks a new high in illicit activity, total crypto-transaction volume is at its lowest level ever, with the growth of digital assets in 2021.
Quigley said that the latest hack is an anomaly, as it was a result of a Sky Mavis entity controlling four out of nine validator nodes in Ronin’s chain. The hacker gained control of a fifth node — good for a majority — run by Axie DAO.
Larson referred to the hack “a social engineering attack combined with a human error” Ronin added that they plan to expand the decentralization of their system by adding additional validators.
Rare is the case where a public awareness of a problem takes several days. “surprising,” Quigley said.
“Most people did not appear to know that Axie Infinity ran its own layer-2 blockchain on top of Ethereum,” “He said” “People playing Axie Infinity or providing liquidity to Ronin’s decentralized exchange, Katana, might have been more circumspect about depositing hundreds of millions of dollars on the Ronin Bridge if they knew Axie Infinity managed the passwords to five of the nine Ronin validator nodes.”
Quigley stated that Layer-2 chains have a higher vulnerability because they are operating on top another layer. The attack vectors also double. Exploits can be operational — when the parties running a system don’t have robust security practices — or code-related.
“Large complex systems, like fully featured layer-2 based blockchain games with hooks into other third-party platforms, is a vastly more challenging system to audit,” He said that the Ronin hack was a very operational attack.
Grauer says that hackers will target cross-chains more as they become increasingly valuable. Although the Ronin hack involved private keys that were hacked, most DeFi (decentralized financial) hacks can be attributed to software vulnerabilities.
“While not foolproof, a valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard, both for those building protocols and for the investors evaluating them,” Grauer said. “Over time, the strongest, safest smart contracts can serve as templates for developers to build from.”
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
