According to a blog post published on the Ronin Network’s official Substack, the validator nodes of Sky Mavis, the publisher of the popular Axie Infinity game, and of the Axie DAO were compromised. An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge in two transactions. While the hack occurred on March 23rd, it was discovered only on Tuesday morning, after a user reported being unable to withdraw 5,000 ETH from the bridge network.

Providing details of the attack, the blog post stated that Sky Mavis’s Ronin chain has nine validator nodes, of which five validator signatures are required to recognize a Deposit event or a Withdrawal event. The validator key scheme is set up to be decentralized so that it limits an attack vector. In this case, the attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.

“The attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator,” it added.

This traces back to November 2021, when Sky Mavis requested help from the Axie DAO validator to distribute free transactions due to an immense user load. Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf, and the arrangement was discontinued in December 2021. However, the allowlist access was not revoked. Once the attacker got access to Sky Mavis systems, they were able to get the signature from the Axie DAO validator by using the gas-free RPC.

Meanwhile, the company said it has taken the following precautionary actions to guard against the attack:

“We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed. All of the AXS, RON, and SLP on Ronin are safe right now,” the blog post concluded. “We are working directly with various government agencies to ensure the criminals get brought to justice. We are in the process of discussing with Axie Infinity / Sky Mavis stakeholders about how to best move forward and ensure no users’ funds are lost. Sky Mavis is here for the long term and will continue to build.”
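
The failure described above can be caught by a configuration audit that counts how many validator signatures a single operator can obtain once delegated signing rights are included. The Python sketch below is an added example, not code from the Ronin post or from Sky Mavis; the `Delegation` model, the function names and the operator names for the four remaining validators are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    grantor: str        # operator whose validator signs on request
    grantee: str        # operator allowlisted to request those signatures
    discontinued: bool  # the arrangement is no longer in use
    revoked: bool       # the allowlist entry was actually removed

def reachable_keys(operator, validators, delegations):
    """Validator ids whose signatures a compromise of `operator` can obtain."""
    keys = {v for v, op in validators.items() if op == operator}
    for d in delegations:
        # An unrevoked allowlist entry still works, even if nobody uses it.
        if d.grantee == operator and not d.revoked:
            keys |= {v for v, op in validators.items() if op == d.grantor}
    return keys

def audit(validators, delegations, threshold):
    """Return findings: stale delegations and operators that reach quorum."""
    findings = []
    for d in delegations:
        if d.discontinued and not d.revoked:
            findings.append(f"stale delegation: {d.grantor} -> {d.grantee}")
    for op in sorted(set(validators.values())):
        n = len(reachable_keys(op, validators, delegations))
        if n >= threshold:
            findings.append(f"quorum reachable from {op}: {n}/{threshold}")
    return findings

# Constructed model of the setup in the article: nine validators, five
# signatures required, four run by Sky Mavis, one by Axie DAO. The
# "other-*" operator names are placeholders, not taken from the article.
VALIDATORS = {
    "v1": "sky-mavis", "v2": "sky-mavis", "v3": "sky-mavis", "v4": "sky-mavis",
    "v5": "axie-dao",
    "v6": "other-a", "v7": "other-b", "v8": "other-c", "v9": "other-d",
}
THRESHOLD = 5
# Granted November 2021, discontinued December 2021, never revoked.
DELEGATIONS = [Delegation("axie-dao", "sky-mavis", discontinued=True, revoked=False)]

if __name__ == "__main__":
    for finding in audit(VALIDATORS, DELEGATIONS, THRESHOLD):
        print(finding)
```

With the delegation marked revoked, Sky Mavis reaches only four of the five required signatures and the audit returns no findings.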