Hackers stole 173,600 ETH and 25.5 million USDC from the platform
The Ronin bridge exploit has caused a serious drop in activity in both the Axie Infinity game and the corresponding NFT marketplace. The game saw an 11% decrease in active players in the past 24 hours. Its native marketplace lost 17% of its user base compared to the day before. Yesterday Sky Mavis broke the news that a hacker exploited the Ronin bridge for a total of more than $600 million.
A visible drop in activity has spread across all dapps in the blockchain ecosystem, including Ronin’s native decentralized exchange Katana. The negative effect is also spreading to the game’s native tokens AXS and SLP. DappRadar has taken a deeper look at the consequences following the now notorious Ronin bridge exploit.
Axie Infinity takes a hit
Unfortunately, as news of the exploit spread, the whole Axie Infinity ecosystem felt the shock. In the past 24 hours, activity on the Axie Marketplace dropped more than 17%. What’s more, the platform generated approximately 30% less in volume.
Axie Infinity NFTs also felt the hit, as volume for one of the most traded NFT collections dropped by over 20%. The number of active traders also decreased significantly. The collection’s market cap also shrunk by 33% to just over $11 million.
When it comes to Axie Infinity itself, the game saw an 11% decrease in active players and a drop in transactions. Interestingly, the volume processed by the platform shot up more than 41%. This number comes from people moving tokens from one place to another, for example claiming token rewards. Transactional volume should not be confused with trading volume, which is something completely different.
While activity dropped across the board, the Axie Infinity ecosystem’s native tokens AXS and SLP took the biggest hit. AXS, the ecosystem’s governance token, lost more than 5% of its valuation. Unfortunately, this inadvertently flipped the positive trend it had experienced recently.
The game’s rewards token SLP took an even bigger hit. Its valuation dropped by more than 8% in the past 24 hours.
Unfortunately, the negative price trend continues for both tokens, as the magnitude of the hack becomes evident.
Ronin bridge and Katana DEX are on pause
Soon after Sky Mavis uncovered the exploit, the team decided to pause all activity on the Ronin bridge. Additionally, the team erred on the side of caution and halted all transactions on the Ronin network’s primary decentralized exchange Katana.
For the moment, there is no information on if and when the Ronin network will resume its functionality. Katana DEX welcomed more than 274,000 unique active wallets in the past thirty days. It also generated upwards of $846 million in volume. This only speaks to the magnitude of the Ronin ecosystem.
Unfortunately, following the hack, the exchange has closed shop for all users for an undetermined amount of time. According to the Sky Mavis team, this pause in activity will help investigate who the hackers are. Still, in the days following the hack, Katana DEX and the Ronin bridge processed thousands of transactions.
Ronin bridge exploit
The Sky Mavis team announced the hack last night. Since then, the Axie Infinity ecosystem has become the focus of headlines for all the wrong reasons. According to an official press release from the Ronin team, the exploiters managed to gain access to five out of the nine Ronin bridge validator nodes. Four of these nodes were operated by the Sky Mavis team, and the Axie DAO controlled the fifth.
The press release explains that the attacker found a backdoor through the Ronin bridge gas-free RPC node. This allowed the bad actor to get the signature for the Axie DAO validator.
In November 2021, when Ronin launched its gas-free transactions, the Axie DAO allowed Sky Mavis to sign various transactions on its behalf. Although this effort was discontinued in December 2021, allowlist access was not revoked. A small mistake like this allowed the hackers to access funds on the Ronin bridge and swipe them.
Six days earlier
An even more worrying detail surrounding the Ronin bridge hack is that Sky Mavis only found out there was a problem six days after the hack had taken place. According to Etherescan records, the stolen funds were transferred from Ronin bridge to the exploiter’s wallet on March 23rd.
Notably, the Sky Mavis team only caught on to the situation following a user complaint. A Ronin bridge user wanted to withdraw 5,000 ETH through the bridging service, but their transaction failed. 5,000 ETH is not a lot of liquidity for a bridge of this size. Consequently, the Sky Mavis team started investigating and saw that over $600 million was drained from the platform.
The hacker, or hackers, used three different wallets to try and cover their tracks. Of course, the blockchain records every transaction, so the wallets were isolated due to the Ronin bridge exploit. Unfortunately, this happened six days after the hack had taken place.
In the meantime, the exploiters managed to transfer funds several times. They even deposited some of the stolen ETH on FTX. Given the extended timeframe they had to operate with the stolen funds, it is no surprise that the hackers opted to exchange as much as possible. However, questions regarding the security of centralized exchanges like FTX started popping up.
One of the more prominent concerns that came into the spotlight was the efficacy of KYC checks performed by CEXs. Technically, the goal of these checks is to verify the identity of users on the platform. However, it seems that hackers still manage to hide by obtaining fake identification documents and passing KYC checks as other people.
Exchanges freeze funds to help Sky Mavis
As news of the hack came to light, prominent exchanges joined the effort to stop the hackers from exchanging more of the stolen assets. Binance, which is in partnership with the Sky Mavis team, suspended its in-house bridge to the Ronin network to protect users from further exploits. Additionally, the exchange is aiding the Sky Mavis team in tracking the hackers, as some of the ETH purchased to carry out the transactions from the exploiters’ wallets was purchased on Binance.
Seychelles-based exchange Huobi also joined the efforts to prevent the hackers from banking in the stolen assets. According to an official announcement, the Huobi team actively monitors their network for stolen assets and block transactions related to the wallets under investigation.
What’s next for Axie Infinity?
The future is looking gloomy right now despite a rather successful first quarter of 2022. Axie Infinity is currently working on launching its Origin version which was set to attract a new wave of activity for the game and its ecosystem. However, a hack of such proportions is no small setback.
The Axie community is anxiously awaiting updates on the future of both Ronin bridge and the whole gaming ecosystem. According to Sky mavis, the team has already hired investigators and forensic cryptographers who are looking into the hack in pursuit of the exploiters.
For the moment, Sky mavis has not made any announcements regarding the effect this hack will have on the system overall. The only information currently available is that a chunk of AXS was withdrawn from the vesting contract in order to supply liquidity to Ronin bridge before the shutdown. According to the announcement, some of that liquidity will be distributed as game rewards for the winners of Axie Infinity Season 20.
DappRadar will continue monitoring the Axie ecosystem as more details surrounding the hack come to light. Unfortunately, this is one of the biggest blockchain game exploits to date, and the consequences on the whole ecosystem can be devastating. To learn the latest Axie Infinity news, follow DappRadar on Twitter. Additionally, you can monitor the activity of the Axie ecosystem if you check out the links below.