- The massive $540 million hack on the Ronin network was a result of its bridge being exploited
- DeFi bridges have been accused recently of not being sufficiently decentralized and therefore insecure
- The Ronin hack follows the Wormhole hack around seven weeks ago
A gargantuan $540 million hack on Axie Infinity’s Ronin network, one of the biggest ever in the DeFi space, has once again highlighted the issues with DeFi bridges. The hack, which was only discovered yesterday despite taking place a week ago, comes around seven weeks after another bridge, Wormhole, was exploited for $320 million worth of ETH and shows how the desire for effective and functional DeFi bridges is coming at the expense of secure operations.
Ronin Hack Undiscovered For Six Days
Ronin alerted the community to the huge hack yesterday, six days after it actually took place:
There has been a security breach on the Ronin Network. https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
Ronin said that the hackers “used hacked private keys in order to forge fake withdrawals” and they were only alerted to the intrusion after a user was unable to withdraw 5,000 ETH from the bridge. An investigation revealed that the security breach took place on March 23, affecting Sky Mavis’s validator nodes and Axie DAO validator nodes, which resulted in the funds being stolen from the Ronin bridge.
Another DeFi bridge, Wormhole, saw its smart contract exploited last month when hackers managed to trick the smart contract into thinking they had gained permission to mint 120,000 wETH.
DeFi Bridges Not Decentralized
DeFi bridges, which enable interoperability between different blockchains, have grown in popularity in recent months as users look for ways to easily convert one coin to another cross-chain, but this quest for easy, fast transactions has come at the expense of decentralization.
This means that DeFi bridges can have central points of failure, as was pointed out by venture capitalist Corby Pryor earlier this month in a Real Vision interview:
There’s a deeper issue where people are coming in building bridges that are secured by one computer, so they’re not even decentralized…but no one seems to care that five billion dollars of assets are stored on a single computer controlled by a couple of people, and I think it’s primarily because people are getting their tokens from point A to point B.
Pryor’s concerns have seemingly played out with the Ronin hack, a situation that will hopefully lead to developers of other DeFi bridges taking a good look at their own security measures and deciding if they are sufficiently decentralized to prevent attacks like this from happening on their networks.