Following the $600 million attack late last month, the Ronin Network and Sky Mavis have promised to improve their smart contracts, pay large bug rewards, and beef up security.
The Federal Bureau of Investigation (FBI) blamed the attack on Lazarus, a North Korea-based, state-sponsored hacking gang, and issued a warning to other crypto and blockchain companies earlier this month.
Ronin confirmed the platform adjustments in a post-mortem report published yesterday, adding that all user funds are being returned and promising that this “never happens again.”
Rundown of the Breach
The hack resulted from a spear-phishing attack on a former employee of Sky Mavis (the developers of Axie Infinity). Using the employee’s credentials, the attacker was able to access Sky Mavis’ four validator nodes, out of a total of nine in the Axie/Ronin ecosystem.
“The attacker discovered a backdoor through our gas-free RPC node, which they utilized to steal the signature for the Axie DAO validator,”
Sky Mavis requested assistance from the Axie DAO in November 2021 to distribute free transactions owing to a large user load. The Axie DAO gave Sky Mavis permission to sign certain transactions on its behalf. This arrangement was phased out in December 2021, but access to the allow list was not revoked.
Overview of Ronin
The Ronin Network intends to reopen its bridge by mid-to-late May, with Binance providing withdrawal and deposit infrastructure for Axie users until then.
The team is around 80% done with the Ronin bridge smart contracts upgrade; they’ll be redesigning the backend, transferring all outstanding withdrawals, and providing a validator dashboard that “allows for approving huge transactions and adding/removing new validators,” according to the team.
The Ronin Network bridge is currently undergoing renovations and will reopen once we are certain that it will withstand the test of time. We had hoped to have the upgrade deployed by the end of April, but this is not a process we can afford to expedite.
Overview of Sky Mavis
Sky Mavis will beef up its security measures by enlisting the support of “top tier security specialists,” undertaking contract audits, and putting in place stronger internal procedures including training classes to “fight external attacks.”
It will also greatly increase its node count in order to help decentralize the project. Sky Mavis plans to expand the number of validator nodes from nine to eleven in the next three months. In the long run, the initiative hopes to have more than 100 nodes.
Sky Mavis will also provide up to $1 million in bug bounties to any white hat hackers who can uncover new vulnerabilities.