Ronin Network suffers 51% attack, $625 million stolen

Summary

On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. Such an attack lets the attacker control the network by compromising validators' private keys and perform malicious actions, such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend a large amount of assets.

Attackers

It is believed that the Lazarus Group may be involved in the incident, though the attackers have not been identified.

Losses

The 51% attack on Ronin Network resulted in the theft of $625 million worth of Ethereum and USDC.

Timeline

  • March 23, 2022: Ronin Network announces that it has suffered a 51% attack. The blockchain is halted to prevent further damage.
  • March 29, 2022: Ronin Network resumes operations after the network is patched. The stolen funds are not recovered.
  • April 14, 2022: The Office of Foreign Assets Control (OFAC) attributes the Axie Infinity heist to the Lazarus Group, a cybercrime organization linked to the Democratic People’s Republic of Korea (DPRK).

Security Failure Causes

The main reason for the 51% attack on Ronin Network was a vulnerability in the blockchain’s consensus mechanism. The vulnerability allowed the attackers to rent mining power and gain control of over 50% of the network’s hashrate.
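A deep block reorganization of the kind the summary describes is something a node operator or exchange can detect by tracking which block hash was canonical at each height. The sketch below is an added example, not code from Ronin or from this page; the header format, the sample chain and the alert threshold of 6 blocks are constructed assumptions.

```python
from collections import namedtuple

Header = namedtuple("Header", "height hash parent")

class ReorgMonitor:
    def __init__(self, alert_depth):
        self.alert_depth = alert_depth  # assumed policy threshold, not from the page
        self.headers = {}               # hash -> Header, for every fork seen
        self.canonical = {}             # height -> hash on the chain currently followed
        self.alerts = []                # (fork_height, depth) for each deep reorg

    def add_header(self, header):
        self.headers[header.hash] = header

    def set_head(self, head_hash):
        """Walk back from the new head to the fork point; return blocks replaced."""
        cur, new_branch = self.headers[head_hash], []
        while self.canonical.get(cur.height) != cur.hash:
            new_branch.append(cur)
            if cur.parent not in self.headers:
                break                   # oldest header in our view
            cur = self.headers[cur.parent]
        fork_height = new_branch[-1].height if new_branch else cur.height + 1
        old_tip = max(self.canonical, default=-1)
        depth = max(0, old_tip - fork_height + 1)
        for height in range(fork_height, old_tip + 1):
            del self.canonical[height]  # these blocks and their transactions are undone
        for block in new_branch:
            self.canonical[block.height] = block.hash
        if depth >= self.alert_depth:
            self.alerts.append((fork_height, depth))
        return depth

def make_branch(prefix, first, last, parent_hash):
    """Constructed sample headers: each hash is just prefix + height."""
    return [Header(h, f"{prefix}{h}", f"{prefix}{h-1}" if h > first else parent_hash)
            for h in range(first, last + 1)]

def demo():
    mon = ReorgMonitor(alert_depth=6)
    depths = []
    for h in make_branch("a", 0, 120, "none"):   # chain grows one block at a time
        mon.add_header(h)
        depths.append(mon.set_head(h.hash))
    fork = make_branch("b", 10, 125, "a9")       # competing branch replaces heights 10-120
    for h in fork:
        mon.add_header(h)
    depths.append(mon.set_head(fork[-1].hash))
    return depths, mon.alerts, mon.canonical
```

Any deposit credited from a block at or above the reported fork height has to be re-checked against the new branch, which is why services wait for a confirmation depth before treating a transfer as final.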