加密黑客综述：挪威冻结被黑客入侵的 Ronin 基金

信息安全媒体集团每周都会汇总数字资产中的网络安全事件。本周，挪威政府冻结了 Ronin 黑客事件的资金

Norwegian authorities have frozen and returned $5.7 million linked to the $600 million Ronin exploit, according to a statement from blockchain game developer Sky Mavis on Monday.

根据区块链游戏开发商 Sky Mavis 周一的一份声明，挪威当局已冻结并返还了与价值 6 亿美元的 Ronin 漏洞相关的 570 万美元。

Ronin, an ethereum sidechain supporting the play-to-earn game Axie Infinity, was exploited by a hacker in March 2022, marking the largest decentralized finance exploit in history. The exploit has been attributed to North Korea's Lazarus Group by blockchain analysis firms and the U.S. Federal Bureau of Investigation.

Ronin 是支持玩赚钱游戏 Axie Infinity 的以太坊侧链，于 2022 年 3 月被黑客利用，标志着历史上最大的去中心化金融漏洞。区块链分析公司和美国联邦调查局将这一漏洞归咎于朝鲜的 Lazarus 集团。

According to Sky Mavis, 15% of the recovered funds will cover expenses, while the remaining funds will be credited to the Axie Infinity treasury. Law enforcement also froze $40 million in other assets, but Sky Mavis said it could not provide a timeline for the return.

据 Sky Mavis 称，收回资金的 15% 将用于支付费用，其余资金将记入 Axie Infinity 金库。执法部门还冻结了 4000 万美元的其他资产，但 Sky Mavis 表示无法提供归还的时间表。

"We are grateful for the Norwegian government's assistance in recovering these stolen funds. This incident highlights the critical role of international cooperation in combating cybercrime and protecting digital assets," a Sky Mavis spokesperson told Information Security Media Group.

Sky Mavis 发言人告诉信息安全媒体集团：“我们感谢挪威政府协助追回这些被盗资金。这一事件凸显了国际合作在打击网络犯罪和保护数字资产方面的关键作用。”

The Ronin exploit targeted the sidechain's bridge, which enables users to transfer assets between ethereum and Ronin. To complete a withdrawal, users submit a request, which is then signed by a majority of the bridge's nine validators. Normally, these validators include Sky Mavis employees and third-party firms such as cryptocurrency exchange Binance.

Ronin 漏洞利用侧链桥，使用户能够在以太坊和 Ronin 之间转移资产。要完成提款，用户需要提交请求，然后由桥的九个验证者中的大多数人签名。通常，这些验证者包括 Sky Mavis 员工和第三方公司，例如加密货币交易所 Binance。

However, the attacker compromised the private keys of four out of the five validators and obtained a signature from a social recovery validator, enabling them to withdraw large sums of ethereum and USDC from the bridge. The attacker used the decentralized exchange aggregator 1inch to swap half of the stolen ethereum for bitcoin.

然而，攻击者泄露了五个验证器中四个的私钥，并获得了社交恢复验证器的签名，使他们能够从桥上提取大量以太坊和 USDC。攻击者使用去中心化交易聚合器 1inch 将一半被盗的以太坊兑换成比特币。

Later in March 2022, blockchain analysis firm Chainalysis reported that $30 million of the stolen funds had been laundered through decentralized mixers and cryptocurrency tumblers.

2022 年 3 月晚些时候，区块链分析公司 Chainaanalysis 报告称，被盗资金中有 3000 万美元是通过去中心化混合器和加密货币滚筒进行洗钱的。

In April 2023, Norwegian authorities seized $5.7 million linked to the Ronin exploit, according to Sky Mavis. The company did not provide further details on the recovery process or the parties involved in the seizure.

据 Sky Mavis 报道，2023 年 4 月，挪威当局查获了与 Ronin 漏洞相关的 570 万美元。该公司没有提供有关回收过程或参与扣押的各方的更多细节。