Following the $600 million hack late last month, the Ronin Network and Sky Mavis have promised to improve their smart contracts, pay large bug bounties, and beef up security.
Ronin announced the changes in a post-mortem report published yesterday, stating that all user funds are being reimbursed and vowing to ensure that this “never happens again.”
Axie Infinity $600 million exploit
An exploit was discovered on the Ethereum sidechain designed for the popular NFT game Axie Infinity, which resulted in the theft of 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), totaling more than $612 million at the time.
The Federal Bureau of Investigation traced the attack earlier this month to the North Korea-based, state-sponsored hacker outfit Lazarus, issuing a warning to other crypto and blockchain businesses.
The hack began with a spear-phishing attack on a former Sky Mavis employee. The attacker used the employee’s credentials to gain access to four of the nine validator nodes in the Axie/Ronin ecosystem.
This was not enough to cause any harm, but “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
Sky Mavis launches huge bounties
Sky Mavis will beef up its security measures by hiring “top tier security experts,” undertaking contract audits, and instituting stronger internal procedures like training classes to “combat external threats.”
The studio will also be offering $1 million in bug bounties to any white hat hackers who can uncover new vulnerabilities.
It will also considerably increase the number of nodes it has to help decentralize the project. Sky Mavis plans to raise that number from nine to eleven in three months. The project’s long-term goal is to have over 100 nodes.
Meanwhile, the Ronin Network intends to reopen its bridge by mid to late May, with Binance providing help with withdrawal and deposit infrastructure for Axie users until then.