I'm sure you've heard about the recent Ronin Network hack, and you're probably wondering how it happened. This blog explains the technical details and walks you through the jargon and terminology of the Web 3.0 space.
To begin with, we must understand that the Ronin network uses Proof-of-Authority consensus, which means that the Sky Mavis team has the power to select the network's validators. Validators are the ones who validate and sign network transactions.
So, unlike Bitcoin, which uses Proof-of-Work (PoW) consensus, you cannot mine RON, since you cannot run a validator node unless you are designated and chosen by the Sky Mavis team.
A Ronin validator needs to stake 50,000 RON to run a validator node. However, keep in mind that even if you have 50,000+ RON, you are not assured of becoming a validator, because the Sky Mavis team is the one that chooses and approves validators.
Some might ask, "So you're saying that the Ronin network is somehow centralized?"
Technically, yes. There are other networks with the same consensus, such as the Binance Smart Chain network, which has both Proof-of-Stake and Proof-of-Authority consensus. The downside is that, since there are a limited number of validators, seizing control of the network is much easier. Hence, it is important that the Sky Mavis team adds more validators to the network in the future to further decentralize it.
The Ronin network has 9 validator nodes, and a bridge transaction requires 5 signatories (the Ronin bridge is a way for you to transfer assets from the Ronin network to the ETH Mainnet network and vice versa).
The hacker obtained private keys (through social engineering), which gave them access to the 4 validator nodes of Sky Mavis and 1 node of Axie DAO (a total of 5) and allowed them to proceed with the exploit. Because 4 of the nodes were under the Sky Mavis team, the breach was much easier for the hacker.
A validator node has a public key and a private key. The public key is used to identify a validator, and the private key is used to sign transactions in the network. The public key is safe to share publicly, but the private key should be stored safely and securely.
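The 5-of-9 threshold and the key concentration described above can be checked mechanically. The following is an added example, not code from the original post or from Sky Mavis: it counts how few operators must lose their keys before the signing threshold is reached. The operator names for the four validators the article does not attribute, and all function names, are assumptions.

```python
from collections import Counter

THRESHOLD = 5  # signatures a bridge transaction requires (from the article)

# Constructed sample: who controls each of the 9 validator keys.
# The 4 + 1 split is from the article; "operator-C".."operator-F" are
# hypothetical placeholders for the operators the article does not name.
RONIN_LIKE = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-C", "v7": "operator-D", "v8": "operator-E", "v9": "operator-F",
}
# Constructed comparison: the same 9 keys, one per independent operator.
SPREAD = {f"v{i}": f"operator-{i}" for i in range(1, 10)}

def operators_needed(key_holders, threshold):
    """Fewest distinct operators whose combined keys reach the threshold."""
    counts = sorted(Counter(key_holders.values()).values(), reverse=True)
    total = 0
    for n, held in enumerate(counts, start=1):
        total += held
        if total >= threshold:
            return n
    return None  # the listed keys cannot reach the threshold at all

def max_keys_per_operator(threshold, min_operators):
    """Largest per-operator key count that still forces at least
    `min_operators` separate compromises before `threshold` is reached."""
    if min_operators < 2:
        raise ValueError("min_operators must be at least 2")
    # Any (min_operators - 1) operators together must hold < threshold keys.
    return (threshold - 1) // (min_operators - 1)

def audit(key_holders, threshold, min_operators):
    """Return the operators holding more keys than the policy cap allows."""
    cap = max_keys_per_operator(threshold, min_operators)
    held = Counter(key_holders.values())
    return {op: n for op, n in held.items() if n > cap}

if __name__ == "__main__":
    print(operators_needed(RONIN_LIKE, THRESHOLD))        # concentrated layout
    print(operators_needed(SPREAD, THRESHOLD))            # one key per operator
    print(audit(RONIN_LIKE, THRESHOLD, min_operators=3))  # who breaks the cap
```

With the article's layout, two operators are enough to reach the threshold; with one key per operator, five separate compromises are needed.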
173,600 Ethereum and 25.5M USDC, worth 605 million in USD at the time of writing, were drained from the Ronin bridge in two transactions. [Tx1][Tx2]
The funds currently sit in this wallet:
https://etherscan.io/address/0x098b716b8aaf21512996dc57eb0615e2383e2f96
With that being said, a lot of questions are being raised by the community, such as:
Where did the funds come from?
They came from the Ronin bridge contract (as you may remember, the exploit was detected when a user was unable to withdraw 5k ETH from the bridge).
Other questions, such as "What steps did the Sky Mavis team take after the exploit?" and "Is it still safe to use the Ronin network?", are answered in the Ronin Blockchain Substack.
In a separate article, we will talk about what the hacker's next steps could be and what resolutions we can expect moving forward.
Blog link: https://zabdiel.eth.link/RoninBreach.html