Following the $600 million Ronin attack late last month, the Ronin Network and Sky Mavis have promised to improve their smart contracts, pay large bug bounties, and tighten up security.
An exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), valued at more than $612 million at the time, was discovered on the Ethereum sidechain designed for the popular NFT game Axie Infinity.
The Federal Bureau of Investigation (FBI) blamed the attack on Lazarus, a North Korea-based, state-sponsored hacking gang. It issued a warning to other crypto and blockchain companies earlier this month.
History of the Ronin attack
Sky Mavis’ Ronin validator nodes and Axie DAO validator nodes were compromised on March 23rd, resulting in the loss of 173,600 ETH and 25.5 million USDC from the Ronin bridge.
The hack happened on March 23rd, 2022, and the Sky Mavis team detected it on March 29th. The team didn’t have a robust tracking system in place to monitor large outflows from the bridge; the breach didn’t go unnoticed for long.
To forge withdrawals, the attacker gained possession of five of the nine validator private keys: four Sky Mavis validators and one Axie DAO validator.
Security upgrades in the works
The Ronin Network intends to reopen its bridge by mid-to-late May, with Binance providing withdrawal and deposit infrastructure for Axie users until then.
The team is around 80% done with the Ronin bridge smart contracts upgrade; they’ll be redesigning the backend, transferring all outstanding withdrawals, and providing a validator dashboard that “allows for approving huge transactions and adding/removing new validators,” according to the team.
Sky Mavis will beef up its security measures by enlisting the support of “top tier security specialists,” undertaking contract audits, and putting in place more robust internal processes, including training classes to “fight external attacks.”
It will also significantly increase its node count in order to assist in decentralizing the project. Sky Mavis plans to expand the number from nine to eleven in the next three months. The initiative hopes to have more than 100 nodes in the long run.
Sky Mavis will also provide up to $1 million in bug bounties to any white hat hackers who can uncover new vulnerabilities.