Sky Mavis reveals new info on $625m Ronin hack, outlines security roadmap

New information on how the breach happened has been revealed, along with a security roadmap that mentions more nodes, more audits, the estimated time for the reopening of the Ronin bridge and more.

Apr 29, 2022
by Dragan

Following the events surrounding one of the biggest thefts in the history of crypto to date, Sky Mavis has shed some new light on the Ronin hack that gives us a clearer view of how it all actually happened.

The team explained that a former employee of the Vietnam-based studio fell victim to an advanced phishing attack, and that through this employee the attacker managed to gain access to the validator nodes.

When the Ronin and Axie DAO nodes were breached on March 23rd this year, the Axie Infinity developers had 4 out of 9 validators under their control, which they state “would not be enough to forge withdrawals.” Unfortunately, the exploiter was able to take advantage of a “gas-free RPC node,” which gave them access to the signature from the Axie DAO validator via the RPC.

This vulnerability dates back to November last year, when the Axie DAO accepted the company’s request for free transactions due to “an immense user load” present at the time. While this arrangement stopped in December of 2021, the allowlist entry that the Axie DAO had created to let Sky Mavis sign transactions in the name of the DAO was still active.
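The condition described above, four directly operated validators plus one delegation that was never revoked, can be checked for mechanically. The following is an added example, not Sky Mavis or Axie DAO code; the data model, the operator names other than the two parties named in the article, the signing threshold of 5 and the exact end date are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Delegation:
    grantor: str                    # operator whose validator signs on request
    grantee: str                    # party allowed to request those signatures
    purpose_ended: Optional[date]   # when the arrangement stopped; None if ongoing
    revoked: bool                   # whether the allowlist entry was removed

def effective_control(validators, delegations):
    """Map each party to the validators whose signatures it can obtain."""
    control = {}
    for vid, operator in validators.items():
        control.setdefault(operator, set()).add(vid)
    for d in delegations:
        if not d.revoked:  # a live allowlist entry extends the grantee's reach
            granted = {v for v, op in validators.items() if op == d.grantor}
            control.setdefault(d.grantee, set()).update(granted)
    return control

def audit(validators, delegations, threshold, today):
    """Return (kind, party, detail) findings for stale grants and over-concentration."""
    findings = []
    for d in delegations:
        if not d.revoked and d.purpose_ended and d.purpose_ended <= today:
            findings.append(("stale_delegation", d.grantee, d.grantor))
    for party, vids in effective_control(validators, delegations).items():
        if len(vids) >= threshold:
            findings.append(("reaches_threshold", party, len(vids)))
    return findings

# Constructed sample: 9 validators, 4 run by one company, 1 by the DAO.
VALIDATORS = {f"v{i}": "sky-mavis" for i in range(1, 5)}
VALIDATORS["v5"] = "axie-dao"
VALIDATORS.update({f"v{i}": f"operator-{i}" for i in range(6, 10)})
# The arrangement ended in December 2021 but the entry stayed active
# (the day of the month is a constructed value).
DELEGATIONS = [Delegation("axie-dao", "sky-mavis", date(2021, 12, 1), False)]
THRESHOLD = 5                  # assumption: signatures needed to approve a withdrawal
AUDIT_DATE = date(2022, 3, 23)

if __name__ == "__main__":
    for finding in audit(VALIDATORS, DELEGATIONS, THRESHOLD, AUDIT_DATE):
        print(finding)
```

Counting signatures a party can obtain, rather than validators it operates, is what exposes the gap: the same data with the delegation revoked produces no findings.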

Although the issue is now solved thanks to the addition of new validator nodes, Sky Mavis has outlined a security roadmap in an effort to prevent such a serious case from ever happening again. Some of the ways the team will bolster their security include adding more nodes, more audits, various “security related certifications,” a tighter internal procedure that will include various training courses and more. 

Previously it was revealed that the Ronin Network will have a total of 21 validator nodes within the next 3 months, but now the team has also mentioned that the long-term plan is to have more than 100 nodes in order to ensure maximum security. They have also reiterated the $1 million bug bounty program, calling on all white hat hackers to help find security flaws and be rewarded in $AXS for doing so.

The Ronin bridge is expected to be reopened sometime in the middle of May or later in the month this year. Work on recovering all lost user funds is also well underway.

Disclaimer: The information provided on this page does not constitute investment advice, financial advice, trading advice, or any other sort of advice and you should not treat any of the website's content as such. Individuals should do their own research before taking any actions related to the product they read about and carry full responsibility for their decisions.