Blockchain project Ronin said that hackers stole cryptocurrency now worth almost $615 million from its systems.
The project said that unidentified hackers on March 23 stole some 173,600 ether tokens and 25.5 million USD Coin tokens. At current exchange rates, the stolen funds are worth $615 million, but they were worth some $540 million at the time of the attack.
This makes it the second-largest crypto theft on record, according to blockchain analysis firm Elliptic.
Ronin is used to power the popular online game Axie Infinity, which uses non-fungible tokens (NFTs) and is the biggest NFT collection by all-time sales volume, according to NFT market tracker CryptoSlam.
Ronin said in a blog post that the hacker had used stolen private keys – the passwords needed to access crypto funds – to make off with the funds.
Ronin said it had discovered the hack on Tuesday. “We are working directly with various government agencies to ensure the criminals get brought to justice,” it said, adding that it was discussing with Axie Infinity how to ensure no users’ funds were lost.
Ronin’s users are unable to withdraw or deposit funds on the network, it said.
Ronin said it was working with major blockchain tracker Chainalysis to trace the stolen funds. Most of the funds are still in the hacker’s digital wallet.
Hacks have long plagued crypto platforms.
The cryptocurrency arm of Jump Trading said last month it had restored more than $320 million to crypto platform Wormhole after the decentralised finance site was hit with one of the largest crypto heists on record. read more
Last August, hackers behind likely the biggest ever digital coin heist returned nearly all of the $610 million-plus they stole from the DeFi site Poly Network. read more
In 2018, digital tokens worth some $530 million were stolen from Tokyo-based platform Coincheck. Mt. Gox, another Japanese exchange, collapsed in 2014 after hackers stole half a billion dollars of crypto.
Ronin is developed by Singapore-based game studio Sky Mavis, which owns Axie Infinity. Sky Mavis does not give contact details on its website. It did not immediately respond to a request for comment sent via LinkedIn.