$551M Ronin Bridge Hack

    Axie Infinity

    One of the 12 largest DeFi and crypto hacks. My summary here: https://crypto.security/crypto-blockchain-security/axie-infinity-ronin-bridge-hack/

    Axie Infinity was at one time the world’s most popular play-to-earn blockchain game. It has its own layer 2 blockchain called Ronin, built on Ethereum. The company behind both is Sky Mavis. A phishing attack using fake job offers against employees at Sky Mavis led to a successful 51% attack on the Ronin network. The attack allowed the attacker to take control of Sky Mavis’s 4 validators, out of a total of 9 validators.

    The Ronin blockchain had 9 validators at the time of the attack, meaning that control of only 5 validators would be sufficient to mount a 51% attack and forge transactions to drain the liquidity from the Ronin bridge. 4 validators were operated by Sky Mavis. Through a different attack, the attackers took control of the 5th validator. With control over 5 of 9 validators, they were then able to forge 2 separate transactions, sending ETH and USDC valued at more than $551M to their own wallet.

    Ronin Network published a postmortem report here: https://roninblockchain.substack.com/p/back-to-building-ronin-security-breach
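
An added example, not from the original post or from Sky Mavis: a small Python audit of the 5-of-9 arrangement described above, showing how few distinct parties need to be compromised to reach quorum when keys are concentrated. The operator names other than Sky Mavis, the key-to-party map and the function names are constructed for illustration.

```python
from itertools import combinations

def min_parties_for_quorum(key_access, threshold):
    """Smallest set of parties whose combined signing access reaches
    `threshold` validator keys. Returns (size, parties) or (None, ())."""
    parties = sorted({p for holders in key_access.values() for p in holders})
    for size in range(1, len(parties) + 1):
        for combo in combinations(parties, size):
            chosen = set(combo)
            covered = sum(1 for holders in key_access.values()
                          if chosen & set(holders))
            if covered >= threshold:
                return size, combo
    return None, ()

def keys_short_of_quorum(key_access, threshold):
    """For each party, how many more keys it would need to reach quorum."""
    held = {}
    for holders in key_access.values():
        for party in holders:
            held[party] = held.get(party, 0) + 1
    return {party: max(threshold - n, 0) for party, n in held.items()}

THRESHOLD = 5  # 5 of 9, as stated in the post

# Constructed map: validator key -> parties able to sign with it.
# Only "Sky Mavis" holding 4 keys comes from the post; the rest is assumed.
CONCENTRATED = {f"validator-{i}": ["Sky Mavis"] for i in range(1, 5)}
CONCENTRATED.update({f"validator-{i}": [f"operator-{i}"] for i in range(5, 10)})

# Constructed contrast: every key held by a different party.
INDEPENDENT = {f"validator-{i}": [f"operator-{i}"] for i in range(1, 10)}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("independent", INDEPENDENT)):
        size, who = min_parties_for_quorum(layout, THRESHOLD)
        print(f"{name}: {size} parties reach quorum: {', '.join(who)}")
        print(f"  keys short of quorum: {keys_short_of_quorum(layout, THRESHOLD)}")
```

The search is brute force over party subsets, which is fine for validator sets of this size; listing more than one party per key models shared or delegated signing access.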