Hackers stole about $615 million in ether and USDC from the Ronin Network, an Ethereum-based sidechain.
The stolen funds were $540 million at the time of the incident but had risen to $615 million by Tuesday, making it the second-largest theft in the cryptocurrency sector.
The hack was detected by Ronin Network developers on Tuesday morning, six days after the heist, when an individual user reported being unable to withdraw funds from the Ronin bridge.
The Ronin Network, a side chain of the Ethereum blockchain, is largely utilized as the payment rails for the popular play-to-earn game Axie Infinity, providing game players with lower transaction fees.
According to a Ronin network blog post, the incident occurred on March 23 when attackers used compromised private keys to "create bogus withdrawals" via a backdoor method, emptying 173,600 ether (ETH) and 25.5 million of the stablecoin, USD coin (USDC).
Validator nodes are used in blockchains to validate, vote on, and retain a record of transactions. Ronin is made up of nine distinct validator nodes. To validate a withdrawal or deposit, five of the nine nodes must sign off on it.
According to the Ronin Network, attackers obtained a signature using a backdoor loophole provided by the decentralized autonomous organization of the play-to-earn game.
This dates all the way back to November 2021, when [Axie inventor] Sky Mavis requested assistance from the Axie DAO in order to distribute free transactions in response to an enormous user load.
"The Axie DAO authorized Sky Mavis, a publicly traded company, to sign different transactions on its behalf. This was terminated in December 2021, but access to the allowlist was not revoked," the report's authors noted.
The Ronin Network stated that it is collaborating with law enforcement and the blockchain forensics firm Chainalysis, and has taken the required precautions to safeguard against future security breaches via the same path.
At the moment, Ronin Network users are unable to withdraw or deposit funds. Sky Mavis is committed to recouping or reimbursing all money that have been drained, the blog's founders stated.
The hacker's digital wallet has been linked to the monies stolen in two transactions. According to developer Kelvin Fitcher, some of the Ethereum has been put on the cryptocurrency market FTX.
Sam Bankman-Fried, founder and CEO of FTX, acknowledged the discovery and stated on Twitter that his team is investigating.
Since the Ronin Network confirmed the theft, its native cryptocurrency, Ronin (RON), has declined by 21% on the day, falling from $2.30 to $1.80 per coin, according to Coinmarketcap.