Ronin Bridge
Total Losses
$624.0M+
Date
Network
Categories
bridges, leaked keys
Step-by-step
- Social engineer attack against key holders to get privileged keys
- Use the privileged keys to drain funds
Detailed Description
The Ronin Bridge was operated by 9 validators with a threshold of 5 out of the 9. This threshold was misleading though, as 4 validators were operated by Sky Mavis. What is more: in Nov 2021, Axie delegated their validator’s signature to Sky Mavis too. This delegation was supposed to be temporary, as Axie was experiencing heavy traffic. Nevertheless, it was never revoked.
As a result, Sky Mavis held 5 signatures, enough to approve any message on its own.
The attacker gained control of the keys through a social-engineering attack. Once they held them, they were able to call withdrawERC on the bridge without a backing transaction on the other side.
Possible mitigations
- A multisig threshold does not protect anything if, in practice, several of its keys are controlled by the same entity. Distribute keys to independent entities so that several entities really must agree on a transaction before it executes.
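The gap between the nominal 5-of-9 threshold and the effective 1-entity threshold described above is something a reviewer can compute rather than eyeball. The following added example (not the Ronin Bridge's own code) contrasts the quorum check a bridge performs, which only counts distinct validator signatures, with an audit that maps each validator key to the entity that actually holds it. The validator names, the operator mapping and the "revoke delegation" step are constructed to match the numbers in the write-up (9 validators, threshold 5, 4 keys run by Sky Mavis plus one delegated by Axie); the names are placeholders, not real addresses.

```python
"""Nominal vs. effective threshold of a multi-validator bridge.

Added illustration; the mapping below is constructed from the write-up,
the validator names are placeholders.
"""
from collections import Counter

THRESHOLD = 5

# validator key -> entity that actually operates (or has been delegated) it
VALIDATOR_OPERATOR = {
    "validator-1": "sky-mavis",
    "validator-2": "sky-mavis",
    "validator-3": "sky-mavis",
    "validator-4": "sky-mavis",
    "validator-5": "sky-mavis",   # Axie's validator, delegated in Nov 2021 and never revoked
    "validator-6": "entity-A",
    "validator-7": "entity-B",
    "validator-8": "entity-C",
    "validator-9": "entity-D",
}


def quorum_reached(signers, threshold=THRESHOLD, validators=VALIDATOR_OPERATOR):
    """The check a bridge performs: enough distinct, known validators signed.

    It sees only keys, not who holds them, and counts a key once even if
    its signature is submitted several times.
    """
    distinct_valid = {s for s in signers if s in validators}
    return len(distinct_valid) >= threshold


def keys_per_entity(validators=VALIDATOR_OPERATOR):
    """How many validator keys each real-world entity controls."""
    return Counter(validators.values())


def entities_with_unilateral_control(threshold=THRESHOLD, validators=VALIDATOR_OPERATOR):
    """Entities that can reach the threshold without anyone else's cooperation."""
    counts = keys_per_entity(validators)
    return sorted(entity for entity, n in counts.items() if n >= threshold)


def min_colluding_entities(threshold=THRESHOLD, validators=VALIDATOR_OPERATOR):
    """Fewest distinct entities whose combined keys reach the threshold.

    Greedy by key count is optimal here: taking the entities with the most
    keys first always minimises the number of entities needed.
    """
    counts = sorted(keys_per_entity(validators).values(), reverse=True)
    collected, needed = 0, 0
    for n in counts:
        if collected >= threshold:
            break
        collected += n
        needed += 1
    if collected < threshold:
        raise ValueError("threshold exceeds the number of validator keys")
    return needed


def revoke_delegation(validators, validator, new_operator):
    """Return a copy of the mapping with one key handed back to its owner."""
    updated = dict(validators)
    updated[validator] = new_operator
    return updated


if __name__ == "__main__":
    # Five signatures all produced by keys held by one entity pass the on-chain check.
    print("quorum:", quorum_reached([f"validator-{i}" for i in range(1, 6)]))
    print("unilateral control:", entities_with_unilateral_control())
    print("entities that must collude:", min_colluding_entities())
    fixed = revoke_delegation(VALIDATOR_OPERATOR, "validator-5", "axie")
    print("after revoking the delegation:",
          entities_with_unilateral_control(validators=fixed),
          min_colluding_entities(validators=fixed))
```

The audit functions take the operator mapping as an argument on purpose: the same check can be re-run whenever a delegation is granted or a key changes hands, which is exactly the moment at which the Ronin setup silently went from 2 required entities to 1.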