加密駭客綜述：挪威凍結被駭客入侵的 Ronin 基金

資訊安全媒體集團每週都會匯總數位資產中的網路安全事件。本週，挪威政府凍結了 Ronin 駭客事件的資金

Norwegian authorities have frozen and returned $5.7 million linked to the $600 million Ronin exploit, according to a statement from blockchain game developer Sky Mavis on Monday.

根據區塊鏈遊戲開發商 Sky Mavis 週一的聲明，挪威當局已凍結並返還了與價值 6 億美元的 Ronin 漏洞相關的 570 萬美元。

Ronin, an ethereum sidechain supporting the play-to-earn game Axie Infinity, was exploited by a hacker in March 2022, marking the largest decentralized finance exploit in history. The exploit has been attributed to North Korea's Lazarus Group by blockchain analysis firms and the U.S. Federal Bureau of Investigation.

Ronin 是支援玩賺錢遊戲 Axie Infinity 的以太坊側鏈，於 2022 年 3 月被駭客利用，標誌著史上最大的去中心化金融漏洞。區塊鏈分析公司和美國聯邦調查局將這一漏洞歸咎於北韓的 Lazarus 集團。

According to Sky Mavis, 15% of the recovered funds will cover expenses, while the remaining funds will be credited to the Axie Infinity treasury. Law enforcement also froze $40 million in other assets, but Sky Mavis said it could not provide a timeline for the return.

據 Sky Mavis 稱，收回資金的 15% 將用於支付費用，其餘資金將記入 Axie Infinity 金庫。執法部門還凍結了 4000 萬美元的其他資產，但 Sky Mavis 表示無法提供歸還的時間表。

"We are grateful for the Norwegian government's assistance in recovering these stolen funds. This incident highlights the critical role of international cooperation in combating cybercrime and protecting digital assets," a Sky Mavis spokesperson told Information Security Media Group.

Sky Mavis 發言人告訴資訊安全媒體集團：“我們感謝挪威政府協助追回這些被盜資金。這一事件凸顯了國際合作在打擊網路犯罪和保護數位資產方面的關鍵作用。”

The Ronin exploit targeted the sidechain's bridge, which enables users to transfer assets between ethereum and Ronin. To complete a withdrawal, users submit a request, which is then signed by a majority of the bridge's nine validators. Normally, these validators include Sky Mavis employees and third-party firms such as cryptocurrency exchange Binance.

Ronin 漏洞利用側鏈橋，使用戶能夠在以太坊和 Ronin 之間轉移資產。要完成提款，用戶需要提交請求，然後由橋的九個驗證者中的大多數人簽署。通常，這些驗證者包括 Sky Mavis 員工和第三方公司，例如加密貨幣交易所 Binance。

However, the attacker compromised the private keys of four out of the five validators and obtained a signature from a social recovery validator, enabling them to withdraw large sums of ethereum and USDC from the bridge. The attacker used the decentralized exchange aggregator 1inch to swap half of the stolen ethereum for bitcoin.

然而，攻擊者洩露了五個驗證器中四個的私鑰，並獲得了社交恢復驗證器的簽名，使他們能夠從橋上提取大量以太坊和 USDC。攻擊者使用去中心化交易聚合器 1inch 將一半被盜的以太坊兌換成比特幣。

Later in March 2022, blockchain analysis firm Chainalysis reported that $30 million of the stolen funds had been laundered through decentralized mixers and cryptocurrency tumblers.

2022 年 3 月晚些時候，區塊鏈分析公司 Chainaanalysis 報告稱，被盜資金中有 3,000 萬美元是透過去中心化混合器和加密貨幣滾筒進行洗錢的。

In April 2023, Norwegian authorities seized $5.7 million linked to the Ronin exploit, according to Sky Mavis. The company did not provide further details on the recovery process or the parties involved in the seizure.

根據 Sky Mavis 報道，2023 年 4 月，挪威當局查獲了與 Ronin 漏洞相關的 570 萬美元。該公司沒有提供有關回收過程或參與扣押的各方的更多細節。