The gaming-focused Ronin Network announced Tuesday a loss of over $625 million in USDC and ether (ETH).
According to a blog post published by the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.

An attacker “used hacked private keys in order to forge fake withdrawals” from the Ronin bridge across two transactions, as seen on Etherscan.

While the Ronin sidechain has nine validators requiring five signatures for withdrawals and is meant to protect against these types of attacks, the blog post notes that “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.” The hacker was able to obtain 5 keys which were sufficient to execute the hack. The hack took place on March 23 and was not reported until March 29 when a user attempted to withdraw 5000 ETH from the bridge.

The blog post pegged the losses at 173,600 ether and 25.5 million in USDC, currently worth in excess of $625 million.

Update 4/19:
The FBI has confimed that North Korean hackers or the Lazarus Group were responsible for the theft.

Updated 4/22
Binance reported that the company recovers $5.8 from the stolen funds as the exploited attemtped to launder through the exchange.

Updated 5/3
Peckshield reported that Over 90% of the stolen funds have been transferred out of the exploiter's wallet, including ~71,000 $ETH ($213m) already laundered via Tornado.Cash