From: thepipeline_xyz
The Ronin blockchain company, known for its popular game Axie, experienced a significant security breach involving a multisig key compromise [00:00:00]. This incident is considered one of the largest hacks in history [00:00:56].
How the Compromise Occurred
The hack originated at Sky Mavis, Ronin’s parent company [00:00:04]. The attack began with a phishing incident:
- A devops engineer was phished with a fake job offer [00:00:10], [00:00:13].
- The engineer clicked an executable file, which became a single point of failure [00:00:18], [00:00:20].
- Through social engineering, the attackers gained access to four out of the nine multisig keys [00:00:41], [00:00:43].
- The multisig requires five of its nine keys to unlock [00:00:37].
- The attackers then performed lateral movement, moving from the initially compromised device to another to acquire a fifth key [00:00:44], [00:00:47], [00:00:48], [00:00:50].
The Multisig Mechanism
A multisig (multi-signature) setup acts like a “door with many keys” [00:00:31]. In this case, the Ronin Bridge multisig required five keys out of a total of nine to authorize a transaction [00:00:37], [00:00:39].
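A 5-of-9 threshold only protects as well as the keys are kept apart. The following audit is an added example, not part of the original summary or any Ronin code: it computes how many separate custody domains would have to be compromised before a signing threshold is met. The key names, domain names and custody maps are constructed for illustration.

```python
from collections import Counter

def min_domains_to_reach_threshold(key_custody, threshold):
    """Return (count, domains): the fewest custody domains whose combined
    keys meet the signing threshold, or (None, []) if it cannot be met."""
    per_domain = Counter(key_custody.values())
    held, chosen = 0, []
    # Each key lives in exactly one domain, so taking the domains that
    # hold the most keys first yields the minimum number of domains.
    for domain, count in per_domain.most_common():
        chosen.append(domain)
        held += count
        if held >= threshold:
            return len(chosen), chosen
    return None, []

def audit(key_custody, threshold):
    """Compare the nominal m-of-n policy with its effective strength."""
    needed, domains = min_domains_to_reach_threshold(key_custody, threshold)
    return {
        "nominal": f"{threshold}-of-{len(key_custody)}",
        "effective_compromises_needed": needed,
        "domains": domains,
        # Flag setups where fewer than `threshold` independent
        # compromises are enough to authorize a transaction.
        "concentrated": needed is not None and needed < threshold,
    }

# Constructed custody map: four keys reachable from one environment,
# the remaining five each held separately (hypothetical names).
CONCENTRATED = {f"key{i}": "domain-a" for i in range(1, 5)}
CONCENTRATED.update({"key5": "domain-b", "key6": "domain-c",
                     "key7": "domain-d", "key8": "domain-e",
                     "key9": "domain-f"})

# Constructed custody map: every key held in its own domain.
INDEPENDENT = {f"key{i}": f"domain-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, custody in (("concentrated", CONCENTRATED),
                          ("independent", INDEPENDENT)):
        print(name, audit(custody, threshold=5))
```

With the concentrated map, the nominal 5-of-9 policy falls after two domain compromises; with independent custody it takes five.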
Impact
Once the attackers obtained all five necessary keys, they were able to compromise the system, leading to a loss of approximately half a billion dollars [00:00:52], [00:01:00], [00:01:02]. This incident highlights the significant impact of large-scale hacks originating from seemingly simple social engineering tactics like phishing emails [00:00:59].