Axie Infinity’s Ronin network suffers hack and theft of over $600 million

The hackers breached the Ronin Network, an independent and Ethereum-compatible blockchain developed by Axie Infinity publisher Sky Mavis. Axie Infinity co-founder Jeff Zirlin discussed the hack on stage during a keynote address at the NFT LA conference.

«We realized the Ronin network has been exploited for 173,000 [Ethereum] and around 25 million dollars in USDC,» Zirlin said, under a screen with the words «State of the NFT Union: Where we are today and what’s next.» USDC is a so-called stablecoin whose value is pegged to the US dollar.

«It is one of the bigger hacks in history,» he added, while vowing to continue building. «We believe in a future of the internet that is open and owned by the users.»

Last year, an anonymous hacker stole roughly $600 million in cryptocurrency from Poly Network, a decentralized finance network, in what was called the largest crypto heist in history. The hacker later gave it back.

John Reed Stark, a former chief of the Security and Exchange Commission’s Office of Internet Enforcement, told CNN the latest hack «is a sobering reminder of just how vulnerable Web3 marketplaces are to cyber attacks.» (Web3 refers to the idea of a decentralized internet powered by the blockchain, the technology that underpins various cryptocurrencies.)

«The entire web3 marketplace is so fraught with chaos and lawlessness, we may never learn the truth about what happened,» said Stark. «And unlike U.S. financial firms who must report cyber-attacks fairly, accurately, promptly, etc., NFT and other Web3 marketplaces do not have to report anything at all.»

Axie Infinity is a successful web3 game in which players use NFT digital pets, called Axies, to interact with the game’s community. Players can use their Axies to battle other players and to breed new Axies. In 2021, the game’s creator raised $152 million in Series B funding led by famed VC fund Andreessen Horowitz.

According to a blog posted to the Ronin network’s official Substack on Tuesday, the system has halted activity on networks that allow players to convert assets in the Axie Infinity universe and to convert currency between the Ethereum and Ronin blockchains. Players who keep digital funds on the Ronin network are currently unable to make transactions.

Beginning on March 23, attackers compromised private keys used to validate transactions on the network, according to the company blog post. These keys allowed the malicious actors to forge fake withdrawals. The activity went unnoticed until a user was unable to withdraw funds and filed a report.

The network pledged to «ensure no users’ funds are lost,» according to the blog post. Most of the stolen funds currently remain in the hacker’s crypto wallet, the company said.

«We are working with law enforcement officials, forensic cryptographers, and our investors to make sure that all funds are recovered or reimbursed,» the network tweeted.

CNN’s Jon Sarlin contributed to this report.