World.Crypto.Global


CATEGORY: ronin hack


Post the $600M Ronin Hack the Team Is Sprucing up its Security Measures

Author: Vignesh Karunanidhi
Estonia
Apr 28, 2022 07:15


Following the $600 million Ronin attack late last month, the Ronin Network and Sky Mavis have promised to improve their smart contracts, pay large bug bounties, and tighten up security. An exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), valued at more than $612 million at the time, was discovered on the […]

Apr 13, 2022 08:25

The Ronin Hack Aftermath: Axie Infinity’s $1M Bug Bounty

The popular blockchain game Axie Infinity has been left shaking after the $650 million Ronin bridge hack. The studio behind the game, Sky Mavis, has been taking multiple measures to try to secure the network and win back the confidence of users. The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain.

Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. The Sky Mavis Bug Bounty program is here. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.”

The Ronin Hack

On March 23rd, a hacker was able to scoop $600 million from the Ronin bridge. It is the largest hack in the history of decentralized finances so far. The Ronin Network team confirmed that Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised as the attacker used “hacked private keys in order to forge fake withdrawals.”

The attack was uncovered after the attacker was unable to withdraw 5k ETH from the bridge. But it was too late, as they had already drained 173,600 Ethereum and 25.5M USDC from the Ronin bridge in two transactions.

The Ronin team stated that they are working with law enforcement officials, forensic cryptographers, and investors “to make sure all funds are recovered or reimbursed,” and added that “All of the AXS, RON, and SLP on Ronin are safe right now.”

“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack. It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”

As a response, the Sky Mavis team raised $150 million led by crypto exchange Binance with participation from Animoca Brands, a16z, Dialectic, Paradigm, with the goal to reimburse all the funds stolen during the hack to the affected users.

Since then, the team has been working with Chainalysis and Crowdstrike “to monitor the stolen funds” and “to handle forensics and the setup of surveillance tools.”

Bridges can be a vulnerable point for blockchain projects, and this hack set a big warning about it. Bridges connect blockchains with the purpose of enabling transactions between tokens built on different ecosystems. However, bridges have a complex code and don’t have enough security standards yet, and hackers are gazing upon them to spot any vulnerability.

$1M Bounty

Bridges can be so complex that it is not 100% clear if code auditing is enough to ensure the Ronin bridge’s safety. The Ronin team had stated that they are in the process of “implementing rigorous internal security measures to prevent future attacks.”

“The Ronin Network bridge will open once it has undergone a security upgrade and several audits, which can take several weeks.”

Now, they are calling in all white-hat hackers of the blockchain to search for vulnerabilities in exchange for a handsome reward. The team has given a list of products that should be stress-tested while prioritizing smart contracts and blockchain, websites, and apps. They noted that the only vulnerabilities that are considered eligible for monetary rewards are those with a working proof of concept that shows how they can be exploited.

Rewards for Smart Contracts and Blockchain vary from $1,000 to $1,000,000, and for Web and Apps, they vary from $50 to $15,000. All rewards will be paid in AXS tokens and only a specified portion of the received funds can be liquidated per month.

“It is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $1,000,000,” the announcement stated and added that “Sky Mavis may award an additional reward bonus for exceptional reports.”

Axie Infinity (AXS) Price

For the past weeks, Axie Infinity’s token AXS has been tumbling, falling around 30% after the hack. However, traders are watching out for a breakout above the key resistance level of $58 as the current zone has previously served for accumulation, which could mean a rebound for AXS. However, there also seems to be a risk to trigger a head-and-shoulders pattern, which could sink AXS further down. The token is down 0.09% in the last 24 hours.

Axie Infinity's Ronin Network Hack Actually WORSE Than Previously Reported - Now Crypto's 2nd Largest Crime...

Author: noreply@blogger.com (Silicon Valley Newsroom)
United States
Mar 30, 2022 12:35


The amount initially reported at the time of the incident was $540 million; that has risen to $615 million by the time of publishing this article, making this crypto's second-largest crime.

When a user reported being unable to withdraw money from the Ronin bridge six days after the heist, Ronin Network developers detected the hack Tuesday morning.

The Ronin Network, an Ethereum side chain, is largely utilized as the payment rails for the popular play-to-earn game Axie Infinity, providing game players with lower transaction fees.

The incident occurred on March 23 when the attackers used hijacked private keys to "create bogus withdrawals" through a backdoor method, emptying 173,600 ether (ETH) and 25.5 million of the stablecoin USD Coin (USDC), according to a blog post from the Ronin Network.

Validator nodes are used in blockchains to validate, vote on, and keep track of transactions. Ronin is made up of nine distinct validator nodes. Five of the nine nodes must approve a withdrawal or deposit in order for it to be recognized.

According to the Ronin Network, attackers obtained a signature by exploiting a backdoor flaw in the decentralized autonomous structure of the play-to-earn game.

“As of right now users are unable to withdraw or deposit funds to Ronin Network. Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed,” Ronin Network says.

The stolen funds were moved in 2 transactions to this wallet: https://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96

Strange Decisions - Perhaps NOT Dealing With Sophisticated Hackers?

In a surprising move, some of the funds have been transferred into accounts on the crypto exchange FTX - a centralized exchange that works with law enforcement and will surely return the stolen funds it possesses.

There's new movement on the wallet as well: it appears they're trying to use a bridge to move some of the remaining funds to another blockchain.

Limited Options...

Where would they go from here? It's important to understand how every option is a bad one. Mixers that scramble transactions of multiple people's coins and then spit them back out, in theory making them untraceable, do not have nearly enough liquidity to leave the hackers with any real progress. Maybe 0.5% per day could be 'cleaned' this way.

The public data on privacy coins would also make it obvious which wallet belongs to them - they simply have too much to stay under the radar.

Worst case is they're able to take an amount small enough to use some of the very limited 'tricks' available.  Making this an incredibly stupid decision - being guilty of stealing over $600 million, while hoping to be able to walk away with maybe $5 million of it in the end. 

In Closing...

While this may sound like a disaster, software exists today used by exchanges and law enforcement capable of tracking every step these coins take.  Spending any of this in the real world will be nearly impossible.  The things people normally do with millions of dollars, like luxury travel, homes, cars, are all things that would instantly expose the identity of the criminals.

Most or all of the funds are likely to be returned.  

-----------
Author: Ross Davis
Silicon Valley Newsroom
GCP | Breaking Crypto News


Feb 24, 2024 12:05

Axie Infinity Co-Founder Loses Over $10 Million In Hack, AXS Holds Firm

Two personal crypto wallets belonging to Jeff “Jihoz” Zirlin, the co-founder of Sky Mavis, the company behind the popular play-to-earn (P2E) game Axie Infinity, have been compromised, reports on February 23 show. Following this hack, over $10 million worth of various crypto assets were stolen, primarily RON, the native token of Ronin Chain, the Ethereum sidechain designed explicitly for Axie Infinity.

According to Lookonchain data, the hacker got away with 3.2 million RON worth over $9.53 million. The co-founder also lost over $834,000 worth of Wrapped Ethereum (ETH). There were other small amounts of PIXEL, the native token of Pixels, a gaming platform; SLP, the coin priming Axie Infinity’s metaverse; and USDC, a stablecoin.

Zirlin held around 164 AXS worth less than $1,300. The hack has shown an unexpected holding pattern, especially among project founders. That the co-founder only held 164 AXS is strange, considering the role played in Axie Infinity. The P2E game has distributed billions of assets since its popularity peaked in the last bull cycle.

Stolen assets, Lookonchain data reveals, were reportedly converted to ETH and deposited into Tornado Cash, a crypto mixer whose co-founders have an ongoing court case in the United States. In charges brought forward in August 2023, the prosecution team alleges that North Korean hackers used Tornado Cash to launder millions, if not billions, of dollars worth of stolen coins. Some of these tokens were from the Ronin hack, which lost over $600 million in March 2022.

Dedicated To Mission; RON And AXS Post Minor Losses

Zirlin confirmed the hack on X on February 23, emphasizing that it was “limited to my accounts.” The hack did not affect the Ronin chain or Sky Mavis operations. The co-founder also added that the compromised private keys were not connected to the company’s internal systems.

Zirlin said they have “strict security measures in place for all chain-related activities to assuage fears.” The co-founder also remains upbeat, assuring concerned crypto community members that the project will continue pursuing its mission of bringing “economic freedom” to all users.

So far, AXS and RON prices remain stable but lower, looking at the performance in the daily chart. AXS and RON have been edging lower since February 21, cooling off after sharp gains from early Q4 2023.

Apr 19, 2023 05:50

MetaMask refutes wallet exploit claims – ‘not a MetaMask-specific exploit’

MetaMask, a leading Web3 wallet provider, is currently embroiled in a dispute over claims that its wallet was exploited in a massive “wallet-draining operation” — resulting in the disappearance of over 5,000 Ethereum (ETH). As reported by CryptoSlate on April 18, these allegations surfaced after Taylor Monahan — a MetaMask developer and founder of MyCrypto […]

The post MetaMask refutes wallet exploit claims – ‘not a MetaMask-specific exploit’ appeared first on CryptoSlate.
