The Ronin Network and Sky Mavis are beefing up security procedures after vowing to prevent further hacks.
A $600 million attack last month prompted Ronin Network and Sky Mavis to improve their smart contracts, offer substantial bug rewards, and beef up security.
An Ethereum sidechain designed for the popular NFT game Axie Infinity was exploited for 173,600 ETH and 25.5 million USD Coin (USDC), valued at over $612 million.
The FBI blamed the attack on North Korean state-sponsored hacking group Lazarus earlier this month, alerting other crypto and blockchain businesses.
Ronin published a post-mortem report yesterday, saying that all user funds are being returned and vowing that this “never happens again.”
We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.
• Why it happened
• What we're doing to make sure this never happens again
• Ronin bridge re-opening update https://t.co/FfwCtCG84E
— Ronin (@Ronin_Network) April 27, 2022
The hacker run
A former employee of Sky Mavis (developers of Axie Infinity) was spear phished in the hack. The malicious actor was able to access Sky Mavis’ four validator nodes, out of the nine in the Axie/Ronin ecosystem.
The attacker found a backdoor through our gas-free RPC node, which they utilised to steal the Axie DAO validator’s signature.
In November 2021, Sky Mavis asked the Axie DAO for help distributing free transactions owing to heavy user load. The Axie DAO allow-listed Sky Mavis to sign transactions. The allow list access was not withdrawn in December 2021.
Sky Mavis and the Ronin Network have both changed dramatically since the breach.
The Ronin Network intends to reopen its bridge by mid-to-late May, with Binance providing withdrawal and deposit infrastructure for Axie users until then.
The team will revamp the backend, migrate all outstanding withdrawals, and launch a validator dashboard that “allows for approving huge transactions and adding/removing additional validators.”
“A revised Ronin Network bridge will be opened once we are satisfied it can withstand the test of time. We had hoped to deliver the upgrade by the end of April, but we can’t afford to rush.”
Aside from hiring “top notch security experts,” Sky Mavis will perform contract reviews and establish stricter internal procedures, such as training classes, to “combat external threats.”
It will also increase its node count to help decentralise the initiative. Sky Mavis plans to increase from nine nodes to eleven in three months. More than 100 nodes are planned in the future.
Sky Mavis will also provide $1 million bug bounties to white hat hackers who find new vulnerabilities.
“We value the work of security researchers in keeping our community safe. Sky Mavis is rewarding responsible disclosure of security flaws with up to $1 million in rewards.”