Ronin Network suffers 51% attack, $625 million stolen
Summary
On March 23, 2022, Ronin Network, a blockchain that powers the popular game Axie Infinity, suffered a 51% attack. Such an attack lets the attacker control the network, in this case by compromising validators' private keys, and perform malicious actions such as double-spending transactions or preventing new blocks from being mined. The attack resulted in the theft of $625 million worth of Ethereum and USDC. The hackers were able to reorganize over 100 blocks, which allowed them to double-spend a large amount of assets.
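An added example, not part of the original report: a monitoring check that an exchange or bridge operator could run to measure how deep a reorganization is and which previously confirmed transactions disappeared from the canonical chain. The block layout, function names, transaction labels and the 100-block alert threshold are assumptions, and the sample chains are constructed.

```python
import hashlib

def make_chain(parent_hash, tx_lists, tag):
    """Build linked blocks on top of parent_hash (constructed sample data)."""
    chain = []
    for txs in tx_lists:
        digest = hashlib.sha256(f"{tag}|{parent_hash}|{txs}".encode()).hexdigest()
        chain.append({"hash": digest, "parent": parent_hash, "txs": list(txs)})
        parent_hash = digest
    return chain

def analyze_reorg(old_chain, new_chain, alert_depth=100):
    """Compare the chain a node trusted with the chain that replaced it."""
    fork = 0
    while (fork < min(len(old_chain), len(new_chain))
           and old_chain[fork]["hash"] == new_chain[fork]["hash"]):
        fork += 1
    orphaned, adopted = old_chain[fork:], new_chain[fork:]
    adopted_txs = {tx for blk in adopted for tx in blk["txs"]}
    # Confirmed on the old branch, absent from the new one: double-spend candidates.
    dropped = sorted({tx for blk in orphaned for tx in blk["txs"]} - adopted_txs)
    return {"fork_height": fork, "depth": len(orphaned),
            "alert": len(orphaned) >= alert_depth, "dropped_txs": dropped}

def sample_chains():
    """Constructed scenario: 10 shared blocks, then a 101-block branch is replaced."""
    shared = make_chain("genesis", [[f"tx-{i}"] for i in range(10)], "shared")
    tip = shared[-1]["hash"]
    old_txs = [["deposit-A", "pay-0"]] + [[f"pay-{i}"] for i in range(1, 101)]
    new_txs = [["conflict-A", "pay-0"]] + [[f"pay-{i}"] for i in range(1, 105)]
    return shared + make_chain(tip, old_txs, "old"), shared + make_chain(tip, new_txs, "new")

if __name__ == "__main__":
    old, new = sample_chains()
    print(analyze_reorg(old, new))
```

Ordinary payments reappear on the replacement branch, so only the transaction that was confirmed and then erased is reported, which is the signal a deposit-crediting service needs before releasing funds.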
Attackers
It is believed that the Lazarus Group may be involved in the incident, though the attackers have not been identified.
Losses
The 51% attack on Ronin Network resulted in the theft of $625 million worth of Ethereum and USDC.
Timeline
- March 23, 2022: Ronin Network announces that it has suffered a 51% attack. The blockchain is halted to prevent further damage.
- March 29, 2022: Ronin Network resumes operations after the network is patched. The stolen funds are not recovered.
- April 14, 2022: The Office of Foreign Assets Control (OFAC) attributes the Axie Infinity heist to the Lazarus Group, a cybercrime organization linked to the Democratic People’s Republic of Korea (DPRK).
Security Failure Causes
The main reason for the 51% attack on Ronin Network was a vulnerability in the blockchain’s consensus mechanism. The vulnerability allowed the attackers to rent mining power and gain control of over 50% of the network’s hashrate.