Security Research

DeFi targeted by State Sponsored Adversaries: The Ronin Hack

April 20, 2022

Axie Infinity suffered a $550+ million hack and nobody noticed for 6 days! Additional funds were put at risk by the delayed response to the incident. Christian Seifert, researcher-in-residence at Forta, shares the details of the attack and how Forta could have detected it.

On March 29th, the world learned about another massive Web3 hack, one that took the top position on the Rekt leaderboard. The FBI has since attributed the attack to the Lazarus Group, a threat actor associated with the North Korean government, showing that Web3 faces formidable adversaries and that a comprehensive security approach is a must.

This time, the hack involved yet another bridge. The top three hacks on the leaderboard all happened on cross-chain bridges (Poly Network and Wormhole being the other two). Bridges are needed to transfer tokens from one chain to another, but in using one the user accepts the security risk inherent to bridges. First, bridged tokens inherit the security properties of the chain they are bridged to: the security of WETH on Ethereum mainnet is very different from that of bridged WETH on another chain, as Vitalik Buterin pointed out recently. Second, bridges are inherently more complex, because the whole bridge consists of several multi-chain components that need to keep state synchronized across chains.

How the Ronin Bridge works

The Ronin bridge essentially consists of two parts: a bridge contract on Ethereum mainnet and a set of Ronin validators and contracts on the Ronin side. When a user wants to withdraw tokens previously bridged to the Ronin network, they deposit those tokens on the Ronin side of the bridge, a set of validators sign the withdrawal, and the signatures are passed to the withdrawal function of the bridge's Ethereum mainnet contract (as shown in Figure 1). Five of the nine validators need to take part in producing the signatures. The contract validates the signatures, and the tokens are sent to the user's Ethereum mainnet wallet.

Figure 1 - Parameters passed into the withdrawal function

Figure 2 - The Ronin Bridge Attack Steps

The Attack


The attack on the Ronin bridge was essentially a private key theft, as illustrated in Figure 2. The attacker obtained four of the keys belonging to the Sky Mavis validators (Step 1); how they did so has not yet been disclosed. Four validators are not sufficient to authorize a withdrawal: a fifth signature is needed, and the attacker obtained it through an allowlisted gas-free RPC node that let Sky Mavis request signatures from the Axie DAO validator. This access was set up in November 2021 to help handle the Ronin network's load; the practice stopped in December 2021, but the allowlist was never revoked, so the attacker could have the Axie DAO validator sign the withdrawals (Step 2) and complete the five-signature threshold. Step 3, the final step, consisted of issuing ordinary withdrawal requests for ETH and USDC with those signatures.
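To make the threshold concrete, here is a small Python simulation (an added example, not the Ronin bridge's contract code) of the check the mainnet side performs: it accepts a withdrawal only when signatures from at least five distinct validators cover the withdrawal parameters. Real validators produce ECDSA signatures verified on-chain; the HMAC stand-in, the parameter encoding, the validator names and the modelling of the allowlisted Axie DAO RPC as a signing oracle are all assumptions made so the example runs offline. The scenario function replays the structure of Steps 1 to 3: four stolen Sky Mavis keys are not enough, duplicating their signatures does not help, and one signature from the Axie DAO validator completes the set.

```python
"""Simulated 5-of-9 validator signature check for a bridge withdrawal.

Added illustration, not the Ronin bridge contract. Each validator "signs"
with HMAC-SHA256 as a stand-in for ECDSA so that the example needs only the
standard library; validator names, the digest encoding and the RPC model
are assumptions.
"""
import hashlib
import hmac
import os

THRESHOLD = 5  # five of the nine validators must sign a withdrawal


def withdrawal_digest(withdrawal_id, user, token, amount):
    """Hash of the withdrawal parameters that validators sign (encoding assumed)."""
    payload = f"{withdrawal_id}|{user}|{token}|{amount}".encode()
    return hashlib.sha256(payload).digest()


def validator_sign(key, digest):
    """Stand-in for an ECDSA signature: HMAC-SHA256 keyed with the validator key."""
    return hmac.new(key, digest, hashlib.sha256).digest()


class BridgeContract:
    """Models what the mainnet side can check: the signer set, the threshold
    and that a withdrawal id is not replayed. It cannot tell a stolen key
    from an honest one."""

    def __init__(self, validator_keys, threshold=THRESHOLD):
        self.validator_keys = dict(validator_keys)  # validator name -> key
        self.threshold = threshold
        self.processed = set()

    def verify_withdrawal(self, withdrawal_id, user, token, amount, signatures):
        """signatures: list of (validator_name, signature_bytes)."""
        if withdrawal_id in self.processed:
            return False  # replay of an already processed withdrawal
        digest = withdrawal_digest(withdrawal_id, user, token, amount)
        signers = set()
        for name, sig in signatures:
            key = self.validator_keys.get(name)
            if key is None:
                continue  # not a validator
            if not hmac.compare_digest(validator_sign(key, digest), sig):
                continue  # signature does not cover this withdrawal
            signers.add(name)  # a validator counts once, however often it signs
        if len(signers) < self.threshold:
            return False
        self.processed.add(withdrawal_id)
        return True


def ronin_scenario():
    """Replays the attack structure with fresh random keys.

    Returns (four_keys_ok, duplicated_ok, five_keys_ok, replay_ok)."""
    keys = {f"skymavis-{i}": os.urandom(32) for i in range(1, 5)}  # Step 1: stolen
    keys["axiedao"] = os.urandom(32)  # reachable via the allowlisted RPC
    keys.update({f"validator-{i}": os.urandom(32) for i in range(6, 10)})
    assert len(keys) == 9
    bridge = BridgeContract(keys)
    args = (1, "0xattacker", "WETH", 173_000)  # constructed withdrawal
    digest = withdrawal_digest(*args)

    stolen = [(n, validator_sign(keys[n], digest)) for n in keys if n.startswith("skymavis")]
    four_keys_ok = bridge.verify_withdrawal(*args, stolen)

    # The same four signatures submitted twice: still four distinct validators.
    duplicated_ok = bridge.verify_withdrawal(*args, stolen + stolen)

    # Step 2: the allowlisted RPC signs whatever Sky Mavis infrastructure asks for.
    def axie_dao_rpc_sign(d):
        return validator_sign(keys["axiedao"], d)

    five = stolen + [("axiedao", axie_dao_rpc_sign(digest))]
    five_keys_ok = bridge.verify_withdrawal(*args, five)  # Step 3 succeeds

    replay_ok = bridge.verify_withdrawal(*args, five)  # same withdrawal id again
    return four_keys_ok, duplicated_ok, five_keys_ok, replay_ok


if __name__ == "__main__":
    print(ronin_scenario())
```

The point of `ronin_scenario` is that the contract's check is sound as designed and still passes the attacker's withdrawal: nothing on-chain distinguishes five honest signers from four stolen keys plus one signer whose allowlist entry was never revoked. That is why monitoring for abnormal withdrawals, rather than relying on the signature check alone, matters.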

Interestingly, the bridge held not only ETH and USDC but also large quantities of AXS tokens, which the attacker chose not to withdraw. With five valid signatures in hand, they certainly could have; the impact would then have been close to USD 3 billion. Why they did not is unknown. It may have been an oversight, or the realization that cashing out such quantities of AXS was not feasible given its low liquidity.


Nobody noticed for 6 days

The other remarkable fact about this attack is that it remained undiscovered for six days. The trigger for the investigation, the subsequent public disclosure, and the pausing of the bridge was a user's failed attempt to withdraw 5,000 ETH. Note that the bridge remained in active use over this period, and several thousand ETH and USDC deposited after the attack were subsequently at risk.

The inability to identify attacks as they occur not only puts further user assets at risk, it also diminishes the ability to contain the blast radius of the attack. The attacker had ample opportunity to swap funds into native tokens and send them to exchanges without any watchful eyes. Forta, a decentralized real-time detection network for security and operational monitoring of blockchain activity, is an essential layer of a comprehensive security approach: it monitors each transaction and generates alerts that identify imminent or in-progress attacks.

How Forta could have helped detect it

Figure 3 - Ronin Bridge Attack Timeline

For the attack in question, two alerts fired. The first, at 03/23/2022 01:46:46 PM UTC, flagged high gas usage (shown in Figure 4); the second, a few minutes later, flagged high-value transactions. Both alert types are fairly noisy in general, but in the context of the Ronin bridge contract this activity was highly abnormal, as the priority fees in Figure 5 show, and could have been treated as a high-confidence signal of an attack.
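The following Python sketch, added here and not Forta's own bot code, shows how the two generic alert types above become a high-confidence signal once scoped to a single contract: it keeps a running baseline of priority fees paid on transactions to the bridge address and flags a transaction whose fee is a multiple of that baseline, and separately flags withdrawals above a value threshold. The transaction records are constructed sample data; the field names, thresholds, baseline window and alert names are assumptions, and a real bot would take these values from the transaction receipt and the bridge's withdrawal event.

```python
"""Contract-scoped high-gas and high-value detection over transactions.

Added example, not Forta bot code. Records are constructed sample data;
fields, thresholds and alert names are assumptions for illustration.
"""
from statistics import median

# Ronin bridge contract on Ethereum mainnet (listed under Indicators below).
BRIDGE = "0x1a2a1c938ce3ec39b6d47113c7955baa9dd454f2"

# Constructed sample transactions (not chain data): eight ordinary bridge
# withdrawals, one expensive unrelated transaction, then an attack-like one.
SAMPLE_TXS = [
    {"hash": "0x01", "to": BRIDGE, "priority_fee_gwei": 1.5, "withdrawn_eth": 12.0},
    {"hash": "0x02", "to": BRIDGE, "priority_fee_gwei": 2.0, "withdrawn_eth": 0.8},
    {"hash": "0x03", "to": BRIDGE, "priority_fee_gwei": 1.8, "withdrawn_eth": 40.0},
    {"hash": "0x04", "to": BRIDGE, "priority_fee_gwei": 2.2, "withdrawn_eth": 3.5},
    {"hash": "0x05", "to": BRIDGE, "priority_fee_gwei": 1.6, "withdrawn_eth": 25.0},
    {"hash": "0x06", "to": BRIDGE, "priority_fee_gwei": 2.5, "withdrawn_eth": 7.0},
    {"hash": "0x07", "to": BRIDGE, "priority_fee_gwei": 1.9, "withdrawn_eth": 0.2},
    {"hash": "0x08", "to": BRIDGE, "priority_fee_gwei": 2.1, "withdrawn_eth": 18.0},
    # high fee, but not addressed to the bridge: outside the bot's scope
    {"hash": "0x09", "to": "0x000000000000000000000000000000000000dead", "priority_fee_gwei": 40.0, "withdrawn_eth": 0.0},
    # attack-like: unusual fee for this contract and a very large withdrawal
    {"hash": "0x0a", "to": BRIDGE, "priority_fee_gwei": 25.0, "withdrawn_eth": 173_000.0},
]


class BridgeMonitor:
    """Stateful per-contract monitor; one instance per watched contract."""

    def __init__(self, contract, min_history=5, fee_ratio=5.0, value_threshold_eth=1_000.0):
        self.contract = contract.lower()
        self.min_history = min_history          # transactions seen before fee alerts start
        self.fee_ratio = fee_ratio              # alert when fee >= ratio * median baseline
        self.value_threshold_eth = value_threshold_eth
        self.fee_history = []                   # priority fees of normal-looking transactions

    def handle_transaction(self, tx):
        """Return a list of findings for one transaction (empty if none)."""
        findings = []
        if tx["to"].lower() != self.contract:
            return findings  # scoping to one contract is what removes the noise

        fee = tx["priority_fee_gwei"]
        fee_alert = False
        if len(self.fee_history) >= self.min_history:
            baseline = median(self.fee_history)  # median resists single outliers
            if baseline > 0 and fee / baseline >= self.fee_ratio:
                fee_alert = True
                findings.append({
                    "alert": "BRIDGE-HIGH-PRIORITY-FEE",
                    "tx": tx["hash"],
                    "priority_fee_gwei": fee,
                    "baseline_gwei": baseline,
                })

        if tx["withdrawn_eth"] >= self.value_threshold_eth:
            findings.append({
                "alert": "BRIDGE-HIGH-VALUE-WITHDRAWAL",
                "tx": tx["hash"],
                "withdrawn_eth": tx["withdrawn_eth"],
            })

        if not fee_alert:
            self.fee_history.append(fee)  # do not let an outlier drag the baseline up
        return findings


def run(txs, contract=BRIDGE):
    """Feed transactions in order; return {tx hash: findings}."""
    monitor = BridgeMonitor(contract)
    return {tx["hash"]: monitor.handle_transaction(tx) for tx in txs}


if __name__ == "__main__":
    for tx_hash, findings in run(SAMPLE_TXS).items():
        if findings:
            print(tx_hash, [f["alert"] for f in findings])
```

Either rule alone is noisy across the whole chain; both firing within minutes against one bridge contract, as happened here, is the kind of correlated signal an incident response process can act on, for instance by paging the team that holds the pause key.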

Figure 4 - High Gas Alert

Figure 5 - Priority Fees for Ronin Bridge Transactions

Parting Thoughts


The Ronin attack was yet another unfortunate incident that might have been prevented through a comprehensive security approach. Large numbers of users lost funds, either directly through the token theft or through the unexpected price movements the attack triggered. Sky Mavis appears to have secured $150M in funding and plans to use a portion of it to mitigate the financial impact of the attack.

Financial impact is just one consequence of this attack; loss of trust is another, and one that is much more difficult to repair. We urge all Web3 projects to examine their approach to security. Was an audit conducted? Is a bug bounty in place? Are monitoring and incident response processes in place? Forta can help you quickly put comprehensive monitoring coverage in place for your project, supporting a broad range of L1 and L2 chains. Build your own detection bot or subscribe to existing bots on the Forta App to get started.

Get into all the details

Indicators

Attacker Addresses

- 0x098b716b8aaf21512996dc57eb0615e2383e2f96

Attack Transactions

- 0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08

- 0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7

Protocol Contract Addresses

- 0x1a2a1c938ce3ec39b6d47113c7955baa9dd454f2

Tokens Impacted

USDC - 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48

WETH - 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2

AXS  - 0xBB0E17EF65F82Ab018d8EDd776e8DD940327B28b

SLP  - 0xCC8Fa225D80b9c7D42F96e9570156c65D6cAAa25

RON  - native token of the Ronin chain (no mainnet contract)

References

Relevant Project URLs

  1. Ronin Block Explorer
  2. Ronin Validator List - (Note, there are 10 as opposed to 9 validators now; 4 are still operated by Sky Mavis)
  3. Sky Mavis Site
  4. Ronin Bridge
  5. Ronin Documentation
  6. RON Token/ Project Description
  7. Launch Announcement
  8. Ronin smart contract repository
  9. Katana DEX

Relevant Security URLs

- DefiSafety  

- Audit information

Relevant Attack URLs

- Public Disclosure

- Root Cause Analysis

- Lazarus Group FBI Information

- Rekt Article

- Ronin Bridge Dune Dashboard

- Eth L1 Bridge Dashboard

- Pause Transaction

- Lazarus Group Wikipedia

- 150M funding news

Project Information

Ronin is a sidechain that supports the Axie Infinity game. The chain token is RON; the game tokens are AXS and SLP. The sidechain is needed to provide the low-cost, high-volume transactions the game ecosystem requires. Faced with the blockchain trilemma, Ronin traded decentralization for throughput.

In order to transfer funds from Ethereum Mainnet to the Ronin network, the Ronin Bridge must be used. It holds SLP, AXS, ETH and USDC. Prior to the hack, it held nearly 3.6B US Dollars.

- Category: Gaming; Play-to-Earn

- Twitter Handle: @Ronin_Network

- Project Web Site: https://whitepaper.axieinfinity.com/technology/ronin-ethereum-sidechain and https://explorer.roninchain.com/

- Chains supported: Ethereum Mainnet/Ronin

- Launch Date: 2/1/202

Security Information

To create high throughput, the Ronin chain compromised on decentralization, which made the bridge susceptible to this attack. Further, the overall security posture of the project was weak, with crucial aspects such as auditing and monitoring lacking.

  1. DefiSafety: No Score
  2. Audit: No information
  3. Assessment of forensic readiness:
    1. block explorer exists, but signing activity of the bridge (Ronin side) is not visible
    2. node code not open source
    3. unable to run a node yourself
    4. ethereum bridge contract code is open source
    5. ethereum bridge emits withdrawal and deposit events
  4. Monitoring: No monitoring
  5. Project's IR process information: No documented process
  6. IR Capabilities:
    1. Ronin Bridge Implements Proxy Pattern
    2. Ronin Bridge has pause/unpause capabilities (managed by admin EOAs)
    3. SLP ERC-20 token - no pause/unpause capability
    4. AXS ERC-20 token - no pause/unpause capability
    5. RON native token on Ronin bridge - not a smart contract/ could shut down entire chain through
  7. Post-mortem information:
    1. https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=w

Loss Information Breakdown

Total: ~986M USD (estimates based on token prices in USD at the time of the hack)

Loss in tokens stolen:

- 173,000 ETH (~519M USD)

- 25M USDC

Losses in market cap of affected tokens (an example chart of RON price movements is shown below):

- RON - ~66M USD market cap loss

- SLP - ~10.76M USD market cap loss

- AXS - ~365M USD market cap loss
