While the federal government figures out its role in regulating cryptocurrency, and consumers continue to try to get in on the action but have lost millions [view related posts here, here, and here], what is being dubbed as the largest crypto hack to date ($625 million) happened last week.
According to Ronin Network, a provider of online gaming services and which suffered the loss, the exploit affected validator nodes for Sky Mavis, the publisher of the Axie Infinity game and Axie DAO.
According to Ronin, an attacker “used hacked private keys in order to forge fake withdrawals.”
In a post dated on March 31, 2022, Ronin stated, “While the investigations are ongoing, at this point we are certain that this was an external breach. All evidence points to this attack being socially engineered, rather than a technical flaw.”
The funds are still in the threat actor’s wallet. Ronin stated on March 31, 2022, that “As of right now users are unable to withdraw or deposit funds to Ronin Network. Sky Mavis is committed to ensuring that all of the drained funds are recovered or reimbursed.” That’s a lot of money to reimburse.