After vowing that a hack “never happens again,” the Ronin Network and Sky Mavis are dramatically improving their security measures.
Following the $600 million attack late last month, the Ronin Network and Sky Mavis have pledged to improve their smart contracts, offer large bug bounties, and beef up security.
An exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), valued at over $612 million, was discovered on the Ethereum sidechain designed for the popular NFT game Axie Infinity.
The FBI blamed the attack on Lazarus, a North Korea-based, state-sponsored hacking gang, and issued a warning to other crypto and blockchain companies earlier this month.
Ronin disclosed its platform adjustments in a post-mortem report published yesterday, stating that all customer funds are being recovered and promising that this “never happens again.”
Rundown of the hack
A former employee of Sky Mavis (developers of Axie Infinity) was targeted in a spear phishing attack, which resulted in the compromise. Using the employee’s credentials, the bad actor was able to access Sky Mavis’ four validator nodes out of a total of nine in the Axie/Ronin ecosystem.
“The attacker discovered a backdoor through our gas-free RPC node, which they utilised to steal the signature for the Axie DAO validator,” according to the report.
“This dates back to November 2021, when Sky Mavis asked the Axie DAO for assistance in distributing free transactions owing to a high user load. Sky Mavis was given permission by the Axie DAO to sign certain transactions on its behalf. This was phased off in December 2021, but access to the approve list was not revoked,” according to the report.
Both Sky Mavis and the Ronin Network are undergoing significant adjustments as a result of the attack.
The Ronin Network intends to reopen its bridge by mid- to late-May, with Binance providing withdrawal and deposit infrastructure for Axie users until then.
The team is around 80% done with the Ronin bridge smart contracts upgrade; they’ll be redesigning the backend, transferring all outstanding withdrawals, and providing a validator dashboard that “allows for approving huge transactions and adding/removing new validators,” according to the team.
Sky Mavis will beef up its security measures by hiring “top tier security specialists,” conducting contract audits, and establishing stronger internal procedures like training classes to “fight external threats.”
It will also considerably increase the number of nodes in the project to help decentralise it. Sky Mavis plans to raise the number from nine to eleven in the next three months. The project’s long-term goal is to have over 100 nodes.
Sky Mavis will also provide up to $1 million in bug bounties to any white hat hackers who can uncover more vulnerabilities.