Ronin & Axie Infinity Hack: Risks of a Multisig

Lossless
Mar 30, 2022

6 days ago the Ronin bridge was drained of over $625 million. It took 6 days for the news to reach the market, which is remarkable. Some people who were already aware of it opened leveraged shorts that were liquidated, because the token price actually went up over those days.

Axie Infinity is the most popular crypto game so far. At its peak it had a market cap of almost $9 billion, and its fully diluted valuation was more than three times higher than that. The game has about 3 million monthly active players.

Ronin is the blockchain on which Axie Infinity is built. It is developed by Sky Mavis, a studio focused on game development. The hack occurred on the Ronin bridge, the contract that moves assets from other ecosystems into Ronin and back out again.

What happened?

The Ronin bridge used a multisig-style validator scheme to sign off on deposits and withdrawals. There are nine authorized validator keys, which can be controlled by individuals or institutions, and five of the nine have to sign a withdrawal (or a configuration change) before the bridge contract will execute it.

This is standard practice in the crypto industry, and even highly decentralized protocols such as Yearn Finance use this approach. But as you can imagine, the security of a 5-of-9 scheme rests entirely on the nine keys actually being held by nine separate individuals or entities, on separate infrastructure, so that no single compromise can reach the threshold.

Ronin's setup was different. Four of the nine validator keys were held by Sky Mavis, a single centralized entity. An attacker who got into the Sky Mavis infrastructure where those keys were stored was therefore only one signature short of being able to authorize any withdrawal from the bridge.

Now comes the crazy part: the Axie DAO validator, one of the other five key holders, had allowed Sky Mavis to sign on its behalf since last November. The arrangement was made so that Sky Mavis could push transactions through quickly during a surge in user activity.

Axie DAO later took back control of its validator, but the permission was never revoked and the ability to sign with its key was never removed from the Sky Mavis servers. When the attacker got into the Sky Mavis systems they therefore found a pleasant surprise: every one of the five signatures needed to approve a withdrawal was within reach.
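The failure above is easy to miss when you only count keys on paper, because the scheme still looks like 5-of-9. What matters is how many independent parties an attacker must compromise before the threshold is met. The following Python model is an added example, not Sky Mavis, Ronin or Lossless code; the validator labels and party names are made up to match the shape of the setup described in this post (four Sky Mavis keys, one Axie DAO key with a stale delegation to Sky Mavis, four other operators) and the 5-of-9 threshold.

```python
"""Custody audit for a k-of-n signer set (added example, hypothetical labels).

The question it answers: given who *actually* can produce a signature for
each validator key (owners plus any standing delegations), how many distinct
parties must be compromised before the threshold is reached?
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class Validator:
    name: str   # hypothetical label, not a real Ronin validator id
    owner: str  # party that is supposed to hold the signing key


@dataclass
class ThresholdSet:
    """A k-of-n signer set plus a record of who can sign for each key."""
    threshold: int
    validators: list[Validator]
    # validator name -> parties allowed to sign on the owner's behalf,
    # e.g. an operational allowlist that was set up and never revoked
    delegations: dict[str, set[str]] = field(default_factory=dict)

    def delegate(self, validator: str, to: str) -> None:
        self.delegations.setdefault(validator, set()).add(to)

    def revoke(self, validator: str, party: str) -> None:
        self.delegations.get(validator, set()).discard(party)

    def reach(self) -> dict[str, set[str]]:
        """party -> validator keys that party can produce signatures with."""
        out: dict[str, set[str]] = defaultdict(set)
        for v in self.validators:
            for party in {v.owner} | self.delegations.get(v.name, set()):
                out[party].add(v.name)
        return dict(out)

    def parties_needed(self) -> tuple[int, tuple[str, ...]]:
        """Smallest number of distinct parties whose combined keys meet the
        threshold. Brute force over party subsets; fine for a handful of
        validators, which is the realistic size of a bridge signer set."""
        reach = self.reach()
        parties = sorted(reach)
        for k in range(1, len(parties) + 1):
            for combo in combinations(parties, k):
                keys = set().union(*(reach[p] for p in combo))
                if len(keys) >= self.threshold:
                    return k, combo
        return len(parties) + 1, ()  # threshold is unreachable


def ronin_like() -> ThresholdSet:
    """5-of-9 set shaped like the one in the post. All names are made up."""
    vals = [Validator(f"skymavis-{i}", "Sky Mavis") for i in range(1, 5)]
    vals.append(Validator("axiedao-1", "Axie DAO"))
    vals += [Validator(f"other-{i}", f"Other-{i}") for i in range(1, 5)]
    ts = ThresholdSet(threshold=5, validators=vals)
    # The November arrangement: Axie DAO lets Sky Mavis sign on its behalf.
    ts.delegate("axiedao-1", "Sky Mavis")
    return ts


def audit(ts: ThresholdSet) -> dict:
    """Summarise how far the set is from 'one intrusion is enough'."""
    n, who = ts.parties_needed()
    holder, keys = max(ts.reach().items(), key=lambda kv: len(kv[1]))
    return {
        "parties_to_compromise": n,
        "cheapest_set": who,
        "largest_single_holder": holder,
        "keys_reachable_by_it": len(keys),
        "single_intrusion_suffices": len(keys) >= ts.threshold,
    }


if __name__ == "__main__":
    ts = ronin_like()
    print("with stale delegation:", audit(ts))
    ts.revoke("axiedao-1", "Sky Mavis")
    print("after revocation:     ", audit(ts))
```

With the stale delegation in place the audit reports that one party (Sky Mavis) reaches five keys, so a single intrusion suffices; after `revoke` it reports four keys and two parties needed. The useful habit is to run this kind of check whenever a delegation or allowlist is added, and to treat "largest single holder ≥ threshold" as a blocking finding rather than an operational convenience.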

The hacker stole over $625 million in funds and tried to cash some of it out through centralized exchanges, including FTX. They probably bought a hacked, KYC-verified account; otherwise their identity would be exposed.

This is an enormous amount of money, and it will be close to impossible to launder this many tokens given the transparency of on-chain transactions. Ronin has already partnered with Chainalysis to track the funds and will work with law enforcement to catch the hacker.

The impact and future of Ronin

The price of RON, Ronin's token, has been in freefall over the last 24 hours, dropping more than 20%. The team has assured users that all funds will be returned and that no user will suffer a loss.

(Chart: RON price, source coinmarketcap.com)

Axie Infinity continues to be played, and the average user isn't directly affected by the exploit, as the market's delayed reaction, 6 days after the exploit, shows. It is a staggering amount of money, one of the biggest hacks in DeFi history, but Ronin and Axie Infinity have been wildly popular over the past couple of months, which may soften the blow.

Why Lossless is needed

This hack could and should have been prevented by better management of the validator keys. Mistakes happen, and when they do it is good to have a backup plan, a safety net.

Lossless is such a safety net. When a hack occurs, community-built Lossless bots can step in to identify the malicious transaction and freeze it. The frozen transaction is then examined by the Decision-Making Body, which decides whether to let it through or to confirm it as a hack and block it.

Lossless is about to launch its Core Protocol on Ethereum mainnet in mid-April to contribute to a safer world of crypto. Find more information at the links below.

About Lossless

Lossless is the world's first DeFi hack mitigation tool for token creators. Apart from Lossless' own cyber security solutions and professionals, the community also plays a role: with a tangible reward system, community members are encouraged to explore new ways to detect hacks and fraudulent transactions.

The Lossless protocol halts fraudulent transactions through various methods of fraud identification and automatically returns any stolen tokens to their original owner. Its solutions to the problem of cyber theft in the blockchain space are thorough and applicable across many protocols.

Twitter | Telegram | Discord | Website | Documentation | Github
