Plan for $1M bug bounties and double the nodes in wake of $600M Ronin hack

Published at: April 28, 2022

The Ronin Network and Sky Mavis have vowed to upgrade their smart contracts, offer lucrative bug bounties and ramp up security following the $600 million hack late last month.

As Cointelegraph previously reported, the Ethereum sidechain developed for the popular NFT game Axie Infinity was the victim of an exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), worth more than $612 million at the time.

Earlier this month, the Federal Bureau of Investigation (FBI) attributed the attack to the North Korea-based, state-sponsored hacking group Lazarus, as it fired off a warning to other crypto and blockchain organizations.

Ronin announced its platform changes via a post-mortem report published yesterday, noting that all user funds are in the process of being restored, as it vowed to make sure this “never happens again.”

We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.
• Why it happened
• What we're doing to make sure this never happens again
• Ronin bridge re-opening update
https://t.co/FfwCtCG84E

— Ronin (@Ronin_Network) April 27, 2022

The hack rundown

The hack was the result of a spear-phishing attack on a former employee of Sky Mavis, the developer of Axie Infinity. The attacker was able to use the employee’s credentials to access Sky Mavis’s four validator nodes, out of a total of nine in the Axie/Ronin ecosystem.

This by itself was not enough to do any damage, but “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”

“This traces back to November 2021 when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allow list access was not revoked,” the report reads.
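
The root cause quoted above is a signing delegation that outlived its purpose. The following sketch is an added example, not code from Sky Mavis or the post-mortem: it audits a validator inventory for unrevoked grants and for any organisation whose own nodes plus delegated signatures reach quorum. The validator names, the other operators, the five-signature threshold and the exact discontinuation day are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Delegation:
    validator: str                  # validator whose signature can be requested
    grantee: str                    # organisation allowed to request it
    purpose_ended: Optional[date]   # when the arrangement stopped being needed
    revoked: bool                   # whether the allowlist entry was actually removed

# Constructed inventory: nine validators, four run by Sky Mavis (per the article).
OPERATORS = {
    "sm-1": "Sky Mavis", "sm-2": "Sky Mavis", "sm-3": "Sky Mavis", "sm-4": "Sky Mavis",
    "axie-dao": "Axie DAO",
    "ext-1": "Operator A", "ext-2": "Operator B", "ext-3": "Operator C", "ext-4": "Operator D",
}
THRESHOLD = 5  # assumption: signatures needed to approve a bridge withdrawal

# The allowlisting described in the report; the day of the month is constructed.
DELEGATIONS = [Delegation("axie-dao", "Sky Mavis", date(2021, 12, 31), revoked=False)]

def stale_delegations(delegations, today):
    """Grants whose purpose has ended but which were never revoked."""
    return [d for d in delegations
            if not d.revoked and d.purpose_ended and d.purpose_ended <= today]

def effective_control(operators, delegations):
    """Map each organisation to every validator it can obtain a signature from."""
    control = {}
    for validator, org in operators.items():
        control.setdefault(org, set()).add(validator)
    for d in delegations:
        if not d.revoked:  # a live grant counts as control, stale or not
            control.setdefault(d.grantee, set()).add(d.validator)
    return control

def quorum_risks(operators, delegations, threshold):
    """Organisations whose compromise alone yields enough signatures."""
    return {org: sorted(vals)
            for org, vals in effective_control(operators, delegations).items()
            if len(vals) >= threshold}

if __name__ == "__main__":
    print("stale:", stale_delegations(DELEGATIONS, date(2022, 3, 23)))
    print("single points of quorum:", quorum_risks(OPERATORS, DELEGATIONS, THRESHOLD))
```

With the grant marked as revoked, the same inventory reports no organisation at quorum, which is the state the December 2021 discontinuation should have produced.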

Following the hack, big changes are being implemented at both Sky Mavis and the Ronin Network.

Ronin

The Ronin Network hopes to have its bridge open again by mid to late May, with Binance providing support until then with withdrawal and deposit infrastructure for Axie users.

The team is about 80% through upgrading the Ronin bridge smart contracts. It will also be reworking the backend, migrating all pending withdrawals and launching a validator dashboard that “allows for approving large transactions and adding/removing new validators.”

“The Ronin Network bridge is currently being redesigned and will open once we are confident that it can stand the test of time. We initially expected to be able to deploy the upgrade by the end of April, but this is not a process that we can afford to rush.”


Sky Mavis

Sky Mavis will ramp up its security measures by seeking the help of “top tier security experts,” conducting contract audits and implementing stricter internal procedures such as training courses to “combat external threats.”

Notably, it will also be significantly upping its node count to help decentralize the project. Having already increased from nine to 11, Sky Mavis intends to get that number up to 21 within three months. Longer-term, the project is eyeing more than 100 nodes.

Sky Mavis will also be launching bug bounties of up to $1 million for any white hat hackers who are able to find further vulnerabilities.

“We recognize the importance and value of security researchers’ efforts in helping keep our community safe. Sky Mavis is offering bounties of up to $1 million to encourage responsible disclosure of security vulnerabilities.”